Auditor General reports findings and management comments resulting from fiscal 2022 audit of State’s financial statements

 

STATE HOUSE – The Office of the Auditor General identified various weaknesses in the State’s internal control over financial reporting as part of the annual audit of the State’s financial statements for the fiscal year ended June 30, 2022.  The State has begun planning for the implementation of a comprehensive Enterprise Resource Planning (ERP) system to replace and enhance key statewide financial and administrative systems.  This effort is intended to address long-standing issues which negatively impact controls over operations and financial reporting resulting from the need for (1) increased investment in information technology to keep pace with citizen expectations, (2) rapid technology advancements, (3) meeting federal program compliance mandates, and (4) addressing business continuity risks.

The audit of the State’s fiscal 2022 financial statements was completed in January 2023. This most recent communication prepared by Interim Auditor General David A. Bergantino is directed to the Finance Committee of the House of Representatives and the Joint Committee on Legislative Services – those vested with official oversight of the annual audit.  Auditing standards require communication of deficiencies in internal control over financial reporting and material noncompliance based on the audit.

Overall, the report includes 36 findings detailing deficiencies in internal control or noncompliance matters within the State’s financial reporting entity (State and its discretely presented component units).

The scope and complexity of the ERP system implementation project and the required resources and disciplined project management needed to ensure success should not be underestimated.  The implementation should focus on ensuring a successful outcome through effective management of critical risks.   The State should specifically minimize customization of the cloud-based ERP solution being employed and the amount of disparate IT solutions that it attempts to integrate into its full ERP design.  Such changes can often limit the desired integration of the ERP system and significantly complicate the maintenance and support of the system going forward.

Management focus, training, and implementation resources have been insufficient to ensure that departments and agencies are assessing and documenting internal control consistent with management’s overall responsibility for the adequacy of its design and operation.  Internal controls safeguard public resources and support accurate financial reporting. The State should commit to providing additional training and implementation materials to assist departments and agencies in documenting their internal control. An internal control assessment and documentation effort should be implemented.

The auditors reported that an excessive volume of journal entries are recorded within the accounting system.  This volume weakens controls over the appropriate authorization and classification of expenditures and limits transparency regarding the underlying transactions.  Additionally, significant material audit adjustments were required during the audit indicative of control deficiencies over financial reporting that require immediate corrective actions.

The State can improve controls over recording federal revenue to ensure (1) amounts are consistent with the limitations of grant awards from the federal government and (2) federally claimed expenditures are consistent with amounts recorded in the State’s accounting system. 

Controls within the systems used to process unemployment insurance claims are insufficient to prevent fraudulent unemployment insurance benefit payments, especially the Pandemic Unemployment Assistance benefits.  While decreased from the prior year with expanded pandemic benefits ending in September 2021, the Department of Labor and Training still identified significant amounts of fraudulent benefits paid to claimants. The State’s system for payment of unemployment insurance claims and collection of employment taxes is outdated and needs further modernization.  

The State updated its current cybersecurity readiness and has begun to identify risk mitigation priorities and the resources needed to implement necessary corrective action.  The State does not currently have sufficient resources dedicated for the size and complexity of State operations, and risk mitigation is not progressing quickly enough. 

The complexity of Treasury operations has increased substantially over the years without significant modifications to the State’s investment in technology and personnel to support those efforts and to ensure internal control best practices are maintained. 

The complexity of Medicaid program operations adds to the challenge of accurately accounting for all Medicaid financial activity within the State’s financial statements.  This complexity increases each year through new federal regulations, complex managed care contract settlement provisions, new State initiatives, and continued challenges relating to the State’s integrated human services eligibility system (RIBridges).  Medicaid is the State’s single largest activity - representing nearly 37% of the State’s General Fund expenditures.  The State will need to ensure that the design of the next Medicaid Management Information System will provide the functionalities needed to enhance controls over program operations and fiscal oversight.  

Within the Intermodal Surface Transportation Fund, controls can be enhanced over the presentation of financial statements to ensure consistent and accurate reporting of fund activity in accordance with generally accepted accounting principles.

Controls over the identification of transportation infrastructure assets have been improved but can be further enhanced to ensure the accuracy of such amounts.   Controls should be improved to record the disposal of infrastructure assets when retired or replaced.

In addition to findings that impact Statewide controls over financial reporting and information security, our report includes findings specific to the Rhode Island Lottery, Employees’ Retirement System of Rhode Island, and Rhode Island State Employees’ and Electing Teachers OPEB System.

The report also includes 10 management comments, which highlight various opportunities for enhancement of financial-related operational, policy, or accounting control matters. 

Management’s response to the findings and comments, including planned corrective actions, are detailed in our report.  The Interim Auditor General notes that the State’s Single Audit Report for fiscal 2022 is in progress and is scheduled to be completed later this year.  That report will include findings related to controls over compliance with federal program requirements and the administration of federal programs.

A link to the report is provided below:

Findings and Management Comments- 2022 State Financials (ri.gov)

Summary:

Audit Summary – 2022 State Financial Findings (ri.gov)