HomeMy WebLinkAboutMINUTES - 09252001 - C.79 s........ Contra
TO: BOARD OF SUPERVISORS -
FROM: INTERNAL OPERATIONS COMMITTEE Costa
� .
DATE: SEPTEMBER 25, 2001 �v County
sT'9 COUI��
SUBJECT: EMPLOYMENT AND HUMAN SERVICES DEPARTMENT C17
INTERNAL SECURITY PLAN UPDATE
SPECIFIC REQUEST(S)OR RECOMMENDATION(S)&BACKGROUND AND JUSTIFICATION
RECOMMENDATIONS:
1. ACCEPT report prepared by the Employment and Human Services Department on the status of
its Internal Security Plan to prevent welfare fraud.
2. DIRECT the Employment and Human Services Director to return to the Internal Operations
Committee annually with a status report on the progress of the implementation of the Plan.
BACKGROUND:
On April 6, 1999, the Board of Supervisors referred to the 2000 Internal Operations Committee the
monitoring of actions taken by the EHSD following the filing of fraud charges against two County
employees, and on County check issuance procedures and administration of petty cash funds,
particularly the Immediate Need Imprest Fund. The 1999 Committee reported back to the Board
on County check issuance procedures and administration of petty cash funds, and had these items
removed as referrals.
On July 18, 2000, the Internal Operations Committee made a status report to the Board and
recommended that EHSD staff, in addition to establishing a Fraud Hotline, return to the 10
Committee on November 13, 2000 with a follow-up report that addressed:
a. Identification of the individual who monitors system security access in the EHS, and the
process and criteria used to determine security access levels.
b. Review and verification of appropriate system security access for existing staff, in addition to
new staff.
CONTINUED ON ATTACHMENT: YES SIGNATURE:
RECOMMENDATION OF COUNTY ADMINISTRATOR RECOMMENDATION OF BOARD COMMITTEE
APPROVE OTHER
SIGNATURE(S): ��Qat —
JOHN GIOIA, CHAIR MARK DeSAULNIER
ACTION OF BOARD ON September 25, 2001 APPROVE AS RECOMMENDED XX OTHER
VOTE OF SUPERVISORS I HEREBY CERTIFY THAT THIS IS A TRUE
AND CORRECT COPY OF AN ACTION TAKEN
XX UNANIMOUS(ABSENT None ) AND ENTERED ON THE MINUTES OF THE
BOARD OF SUPERVISORS ON THE DATE
AYES: NOES: SHOWN.
ABSENT: ABSTAIN:
ATTESTED September 25, 2001
CONTACT: JULIE ENEA(925)335-1077 JOHN SWEETEN,CLERK OF THE BOARD OF
SUPERVISORS AND COUNTY ADMINISTRATOR
CC: INTERNAL OPERATIONS COMMITTEE STAFF
EMPLOYMENT AND HUMAN SERVICES
COUNTY ADMINISTRATOR I �J
BY �✓ l/. DEPUTY
Employment & Human Services Department Contra Costa County
Date: September 4, 2001
MEMO TO: Internal Operations Committee c: Julie Enea
Supervisor Mark DeSaulnier
Supervisor John M. Gioia
FROM: John Cullen, Director KyAa (�
SUBJECT: 2001 Internal Operations Committee - EHSD Status Report
Enclosed is our follow-up report addressing the 2001 Internal Operations
Committee's recommendations contained in its December 19, 2000 report to the
Board.
We ask that the Internal Operations Committee accept the attached report on the
status of EHSD's Internal Security Plan.
We also ask that the Committee schedule a future update on the Department's
Internal Security Plan in 2002.
2001 IOC—EHSD Status Report
September 17, 2001- EHSD Status Report on Internal Operations (IO)
Committee's Recommendations of December 19, 2000
Topic —Internal Security Plan
BACKGROUND
In August 1998, EHSD developed a detailed Internal Security Plan (Plan)
describing goals, strategies and actions for improving internal controls over EHSD
operations. Earlier in 1998, we also established a new internal security and
compliance function. Since then, the Department has successfully implemented
many key parts of the Plan, and our attention to the remaining goals remains a
high priority. Given the dynamic nature of our programs and operations, we also
recognize our need to continuously re-assess strategies and actions, and make
appropriate modifications and additions.
EHSD has presented, to the IO Committee, regular reports approximately every
six months beginning in 1999, on the status of the Plan's implementation. We last
presented an update in November 2000, and the Committee made
recommendations to the Board in December. Subject report is our update for
2001.
During 2001, we have continued to aggressively take actions to improve internal
financial security, compliance and accountability within EHSD. Our strategy
remains focused on lowering risk and exposure to internal fraud, through
preventive and detection tools, while ensuring that we meet extensive Federal,
State and County program mandates.
Below, we address the Committee's recommendations from the December 2000
report to the Board.
2
EHSD Internal Security Plan Update September 25, 2001
,Internal Operations Committee Page 2
C. Clarification of the levels of managers who will review program compliance and security
reports for the 2"d Party Review Process, and how accountability will be established.
d. Progress on the implementation of the Comprehensive 2"d Party Review Process for welfare
cases and transactions.
e. Use of random sampling of benefit issuances to enhance fraud detection efforts.
f. Clarification of the mandated Electronic Benefit Transfer (EBT) Process for food stamp
issuances, and an evaluation of the option for using EBT for cash issuances and related
effects on security.
f. Verification that new check stock is being used for Imprest Fund disbursements.
On November 13, 2000, the Committee received this report and provided an update to the Board
of Supervisors, with a recommendation that the Department return to the 10 Committee in six
months with a follow-up report.
Our Committee received the attached follow-up report and is satisfied that the Department
continues to progress and enhance its internal security program. We recommend that the Board
accept the report on progress made to date, and direct the Department to provide another status
report to the Internal Operations Committee in one year's time.
2001 IOC.' EIASD Status Report
1. STATUS UPDATE ON CONTRACT REVIEW PROCESSES
The Department has in place extensive contract administration
and review procedures (covering approximately 270 contracts
totaling over $40 million) to ensure that contract, legal, program
and administrative requirements are met.
❑ Fiscal and Program staff examine all contract payment requests
each month (before payment) for proper documentation and support; .
compliance with budgetary limitations and approval requirements;
compliance with contract, service plan, regulatory and legal
requirements; and achievement of performance outcomes.
❑ A Fiscal monitor and a Program monitor are designated for each
contract to review compliance issues, within their respective areas.
❑ Program managers and staff monitor performance outcomes and
develop specifications and performance measures.
❑ Fiscal staff reviews compliance with payment terms and adherence
to generally accepted accounting standards.
❑ Procurement standards are in place involving Requests for Proposals
and Requests for Interest.
o We also continually seek ways to improve our methods and
procedures to ensure that all contracting processes are fully
adequate. With this in mind, since the previous Committee meeting,
Fiscal staff has initiated a special internal review of the Department's
purchasing function, that includes services, equipment and supplies.
This type of independent review is a feature of EHSD's Security Plan,
in order to provide assurance that processes are functioning well and
provide suggestions for enhancements. We anticipate that this review
will conclude by year-end and any recommendations will be followed
up timely.
3
2001 IOC—EI ISD Status Report
2. IMPLEMENTATION OF THE INTERNAL SECURITY PLAN
SECOND PARTY REVIEWS/ FOCUS ON
ACCOUNTABILITY EHS has designed the following
processes to significantly increase the level of oversight and
review of welfare cases and disbursement related transactions:
❑ Built a new centralized, independent Quality Assurance Unit,
housed in the Administrative Services Bureau, to increase
accountability in areas involving welfare case compliance and
performance. We also anticipate that through this greater scrutiny
over case transactions, the risk of internal fraud will be lowered.
❑ The Quality Assurance Unit's function includes reviewing a
random sample of case transactions per worker, per month, for
compliance with policy requirements and appropriateness of welfare
check and food stamp issuances. Our largest category of welfare
case transactions.involves the Ca1WORKS program, and this will be
the initial focus, with all other programs to follow.
❑ Hired 7 Quality Assurance Specialists to perform monthly case
reviews of all welfare programs.
❑ Hired 1 Quality Assurance Supervisor and recruiting for a
second supervisor to provide oversight and training.
❑ Developed and implemented a computer system to support the
Quality Assurance function. This system generates random,
statistical samples of welfare cases for review, and compiles and
tracks review data, in detail and summary form.
❑ Designed management reports to distribute review results to the
Director, Program Managers, and Division Managers, as well as to
Internal Security and other operational units.
4
• 2001 IOC—EI ISIS Status Report
❑ Developed a comprehensive Quality Assurance Procedural
Manual to facilitate these case reviews, on a systematic basis.
❑ Designed a "Case Discussion" interface process between Quality
Assurance and first line supervisors to ensure corrective actions are
taken timely.
❑ Implemented an "Internal Fraud Checklist" that Quality
Assurance staff completes when reviewing each case to test for
certain fraud issues/indicators, as specified by Fiscal
Compliance/Security. This is another means to increase the level of
scrutiny of case transactions, and provides an added mechanism to
identify possible security breaches or other fraud issues.
❑ Implemented annual Reinvestigation Process for all Ca1WORKS
cases. This was partly designed to again increase the level of second
party review of case transactions completed by case workers. On a
flow basis, Unit supervisors must approve their workers' annual
certifications of Ca1WORKS' welfare cases. To this process, we also
added a security review component, by providing supervisors with a
framework to observe and report security breaches or other fraud
issues.
❑ Our challenge is to develop the remaining part of our Second
Party Review process—to redesign: a formal, standardized
methodology for unit supervisors to use when: reviewing their
staff's handling of welfare cases and related transactions. We
anticipate revising review criteria for certain: transactions, such as
supplemental payments,payments over specified dollar limits,
retroactive payments, andpayee and address transactions.
5
2001 IOC—EHSD Status Report
3. INTERNAL SECURITY PLAN (coNnNuEn)
PROCESS FOR ASSIGNING SECURITY SYSTEM ACCESS
Our systematic process for assigning computer access, and the
close monitoring, as outlined in past updates, remains in place,
and appears to be functioning properly..
❑ We continue to closely manage and monitor our process for
assigning employees an appropriate level of computer access to
case data systems. EHSD's IT Division manages the day to day
screening and processing functions.
❑ Supervisors are required to prepare a formal "security request
form" for their employees, based on established standards.
❑ Our standard is to assign access consistent with the employee's
job duties.
❑ We continue to timely remove obsolete users (separations and
transfers) from the security system.
❑ Each quarter, as an added control to ensure standards are being
adhered to, Fiscal Compliance reviews the status of all security
access assigned to approximately 1,500 employees/users. The most
recent review in July shows that standards are being adhered to
properly.
4. INTERNAL SECURITY PLAN (coNnNuEn)
THE WELFARE FRAUD HOTLINE
❑ EHSD and the District Attorney's Office (DA) have entered into
an Inter-Departmental Services Agreement specifying mutual
responsibilities and guidelines for the cooperative handling of
hotline referrals that pertain to suspected employee (or recipient)
fraud involving EHSD operations and programs.
6
2001 10C—EHSD status Report
❑ EHSD initiated this agreement, after the DA implemented in 2000
a Countywide automated fraud hotline to accept referrals of
suspected fraud.
❑ The DA's hotline accepts referrals involving a variety of areas
including welfare, workers' compensation, insurance and consumer
fraud.
❑ EHSD and the DA have put together a plan to promote
knowledge of the general hotline within the community and among
County offices. This plan includes periodic notices in the local
newspaper, posting the hotline number on the County Internet and
EHSD Intranet sites and on the Contra Costa County Television
(CCTV) access channel, and making available a display poster.
❑ Since the hotline's inception the past year, we have not received
any referrals involving suspected employee fraud.
5. INTERNAL SECURITY PLAN (CONTINUED)
RESULTS OF BOTH RANDOM AND STRATEGIC CHECKS
ON BENEFIT ISSUANCES
❑ EHSD continues to monitor a large volume and variety of
welfare transactions, including check and food stamp issuances, for
security and policy compliance issues.
❑ Employees are on notice that all case transactions are subject to
monitoring and close independent review.
❑ We review transactions and cases using random selection
techniques, as well as strategic fraud indicators and alerts.
2001 IOC—LHSD Status Report
❑ We have enhanced our monitoring tools, particularly by
creating and automating new alerts. This has allowed us to
increase the volume of transactions we review, by approximately 20
per cent, since our last status update. We anticipate that this upward
trend will continue.
o We have also identified compliance and operational issues
needing attention, and initiated the appropriate corrective actions and
clarifying policies.
6. OTHER PLAN STRATEGIES
There are other key parts of our Security Plan that we have
made progress on, such as:
o Promoting sound computer and operational controls when
implementing new programs and systems -- Our program,
administrative, systems and compliance staff work together to help
implement operational controls, as new mandates arise. We have
also continued to strongly advocate for important security controls in
the statewide, new Ca1WIN system scheduled to replace the present
Case Data System (CDS) in a few years.
. ❑ Increasing Staff Awareness Training on Fraud Prevention and
Detection -- EHSD has increased fraud awareness training, with the
latest session held in July for a group of new employees. We
reinforced Departmental and County policies on proper use of
computer systems, databases, e-mail, and the Internet; proper
password security; and the DA fraud hotline. We have scheduled
additional fraud training sessions in November for supervisors and
for another group of new hires.
8
2001 IOC—E14SD Status Report
❑ Participating in quarterly Fraud Prevention/Detection Seminars
(with 37 of the 58 California counties now involved) -- Our
County has worked with other proactive California counties to
promote internal controls and fraud awareness on a statewide basis,
and to share our successes with other counties through periodic
meetings. These sessions provide a formal avenue to exchange
information about successful fraud prevention techniques. EHSD
will be hosting the next All County Meeting in October. We
anticipate that representatives from at least 37 counties will attend.
9