HomeMy WebLinkAboutMINUTES - 12192000 - SD2 To: BOARD OF SUPERVISORS
FROM" INTERNAL OPERATIONS COMMITTEE
DATE: December 19, 2000
SUBJECT: STATUS REPORT ON CORRECTIVE ACTIONS TAKEN BY THE
EMPLOYMENT AND HUMAN SERVICES DEPARTMENT
TO DETECT AND PREVENT 'WELFARE FRAUD
SPECIFIC REQUEST(S)OR RECOMMENDATION(S)&BACKGROUND AND JUSTIFICATION;
RECOMMENDATIONS:
1. ACCEPT the attached report on the status of the Employment and Human Services
Department's (EHS) Internal Security Plan to detect and prevent theft of County funds
relating to benefit issuance.
2. COMMEND EHS for the high level of attention devoted to enhancing internal security
and increasing employee sensitivity to fraud through staff training.
3. DIRECT the EHS Director to return to the Internal Operations Committee in six months
with a follow-up report on the progress of:
a. Contracts review, both fiscal and programmatic
b. Implementation of the Internal Security Plan
c. The process for assigning security system access
d. The Welfare Fraud Hotline
e. The results of both randoms and strategic checks on benefit issuances
BACKGROUND:
On April 6, 1999, the Board of Supervisors referred to our Committee the issue of the theft
of funds from the EHS (formerly Social Service Department), which had recently taken place.
This referral was expanded to include concerns that had been expressed regarding the size
and number of petty cash funds which are in existence in the County, particularly the
Immediate Need Imprest Fund.
CONTINUED ON ATTACHMENT: X YES SIGNATURE:
RECOMMENDATION OF COUNTY ADMINISTRATOR X RECOMMENDATION OF BOARD COMMITTEE
APPROVE OTHER
SIGNATURE
�GAYLE�BUT17KEMA MARK DeSAULNIER
ACTION OF BOARD ON APPROVE AS RECOMMENDED OTHER
VOTE OF SUPERVISORS I HEREBY CERTIFY THAT THIS IS A TRUE
AND CORRECT COPY OF AN ACTION TAKEN
UNANIMOUS(ABSENT ) AND ENTERED ON THE MINUTES OF THE
BOARD OF SUPERVISORS ON THE DATE
AYES: NOES: SH O
ABSENT: ABSTAIN:
ATTESTED
:L\\'
CONTACT: JULIE ENEA (9525)335-1077 PH B ELO ,CLER THE
cc: INTERNAL OPERATIONS COMMITTEE STAFF BOARD OF SUPERVISORS AND
COUNTY ADMINISTRATOR COUNTY ADMINISTRATOR
EMPLOYMENT AND HUMAN SERVICES DIRECTOR
AUDITOR-CONTROLLER
3
BY DEPUTY
WELFARE FRAUD PREVENTION DECEMBER 19, 2000
PAGE 2
The Internal Operations Committee has met with the Employment and Human Services
Department approximately every six months since the referral was made by the Board to
monitor the actions taken by EHS following the filing of fraud charges against two County
employees, and on County check issuance procedures and administration of petty cash funds.
Our Committee last reported to you on July 18, 2000, indicating that we were satisfied with
the controls on the imprest and petty cash funds, and directing that EHS report back to us with
additional information regarding specific questions we had in response to its June 26, 2000
report and that a Welfare Fraud Hotline be established as soon as possible.
Our Committee received the attached report from the Employment and Human Services
Director on November 13, 2000, addressing some specific questions we had regarding his
June 20`' report. We are satisfied that EHS continues to progress in the implementation of its
plan and has, furthermore, enhanced the original plan. We are interested in seeing the
Welfare Fraud Hotline established and would like the EHS Director to continue to pursue this.
The EHS Director pointed out that several new automated systems will be put in place during
the next five years that may create new security issues. In recognition that the Internal
Security flan is a "living" plan that will continue to evolve in response to new challenges, we
recommend that the Department provide another update to the Internal Operations
Committee in approximately six months.
Employment & Human. Services Department Contra Costa County
Date. November 6, 2000
MEMO TO: Julie Enea, Senior Deputy
Office of the County Administrator
FROM: John Cullen, Director I�C/
SUBJECT: 2000 Internal Operation Committee- EHS Status Report
Enclosed is our follow up report to the 2000 Internal Operations Committee
addressing the committee's recommendations from the July 18, 2000 IOC report
to the Board.
Please contact EHS'�;,Ralph McGee at 313-1669 or Christine Sadika at 313-1715,
if you have questions regarding any of the report's details.
cc: Kenneth J. Corcoran, Auditor-Controller
Jason Crapo, Management Analyst, CAE
Don Cruze, Assistant Director, EHS
Ralph McGee, Division Manager, EHS
ESH Status Report to 10C November 6, 2000
Subject: Fraud Prevention/Detection
ERS Follow-up Report to 10C Recommendations of July 18, 2000
Since our previous report, EHS has continued to take actions to improve internal
financial security and increase fraud detection and monitoring capabilities. Our
objective remains to lower risk and exposure to internal fraud, while also meeting
Federal, State and County mandates. The following update addresses
recommendations (highlighted in bold) from the July 18, 2040 IOC report.
1. Identification of the individual who monitors system security access in the
ERS, and the process and criteria used to determine security access levels.
(See #2 below.)
2. Review and verification of appropriate system security access for existing
staff, in addition to new staff.
The Information Technology (IT) Division's Security Administrator, in the
EHS Administrative Services Bureau, maintains and controls security access
levels for employees using the CDS/GIS computer system. Currently, there are
approximately 1,504 system users assigned access, ranging from "inquiry"
(viewing of case data) to "update" capabilities. The Department's standard is
that employees receive the minimum level of computer access necessary to
perform their assigned duties, consistent with the respective job classification
and Department-wide operational policies.
When a newly hired employee needs computer access, a supervisor completes
a request (control) document. Before processing the request, the Security
Administrator confirms the identity and job class of the employee, and applies
the established standards. The Security Administrator rejects any requests
contrary to standards.
Occasionally, exceptions are made based on a demonstrated need because of
short-term projects or temporary assignments. These exceptions are kept to a
minimum, and when granted, the Fiscal Compliance/Security unit reviews the
user's activity on the computer system, and/or tests transactions for the
duration of the temporary "exception".
When an employee is reassigned to a new function, a request process (similar
to the above) occurs. When staff separates, Personnel communicates this
information to the Security Administrator who then removes the user from the
security system.
To provide a further "check and balance", the Fiscal C'onipliance/Security Unit
has developed an autorrrated process to identify and correct any (and all)
2
ESH Status Report to IOC November 6,2000
inadvertent mismatches in job functions/classes versus assigned access. This
facilitates a 100 percent review. With IT and Fiscal Compliance's combined
oversight of this area, we feel that EHS has an effective process to ensure
employees' security clearances are consistent with established job functions.
3. Clarification of the levels of managers who will review program
compliance and security reports. and how accountability will be
established.
A variety of compliance and security review processes have historically been
in place within the Administrative Services and four program bureaus, and
these processes are continuing:
• Quality Control reviews welfare cases for program compliance.
• 'Welfare Fraud Investigations examines welfare cases for compliance,
and for fraud prevention and detection.
• Early Fraud reviews high.-risk cases to help prevent welfare fraud.
• Quality Assurance in the Family and Children's Services' Bureau
monitors compliance with State child welfare service requirements.
• Special Projects conducts targeted case reviews to measure compliance
with State participation and other program requirements.
• Program. and Fiscal staff monitor contract compliance.
• Fiscal and Program Analysts coordinate and facilitate a variety of
external compliance audits by Federal, State, and County auditors
reviewing welfare programs and operations.
In 1998, EHS also adopted an Internal Security Plan to further define our
mission, to minimize risk and exposure to internal fraud, reinforce employee
accountability and compliance, and ensure that public funds are safeguarded.
With this Plan, we implemented these additional internal control and
compliance monitoring processes:
• Established a Fiscal Compliance/Security Unit, in the Administrative
Services Bureau, that is responsible for
V Designing and reviewing fraud monitoring reports
✓ Conducting on site audits and other independent reviews
addressing specific control and compliance issues
✓ Promoting control enhancements on the computer systems and
with regard to operational procedures.
V Closely monitoring the process for assigning CDS/GIS security
access levels to employees.
3
ESH Status Report to IOC November 6,2000
• As a result, we completed the following actions involving the Fiscal
Compliance/Security Unit, since the last IOC report in July:
✓ Designed 10 additional automated fraud alert reports (for total of
34 designed to-date) to increase monitoring of high-risk case
transactions.
✓ Reviewed and tested an average of 2,200 case transactions per
month.
• Conducted a specialized internal control review.
✓ Participated in the development of policy enhancements to
segregate and control payment functions.
✓ Increased fraud detection capabilities by creating an automated
monitoring database of daily transaction activity input by
approximately 700 computer users.
✓ Worked with IT and DOIT to design an automated process to
fully monitor the effectiveness of the Department's computer
security assignment function.
✓ Provide input to Staff Development that resulted in Supervisory
Training on Fraud Prevention/Detection.
✓ Established quarterly meetings, between senior management at
the Assistant Director level and above, and the Fiscal
Compliance/Security supervisor, to provide updates on security
and compliance issues, and evaluate ongoing strategies and
actions.
✓ Participated in the ongoing, detail design of a Second Party
Review process for welfare cases to redefine compliance
monitoring responsibilities at other levels in the organization
including: Program Bureau Unit Supervisors, Program Division
Managers, and other Administrative Services staff. For progress
on this, refer to the next item.
................
ESDI Status Report to IOC November 6,2000
4. Progress on the implementation of the Comprehensive 2"d Party Review
Process for welfare cases and transactions.
Background: In our previous report to the 10C, we described the following
plans for a comprehensive "Second.Party Review"process to monitor welfare
cases and transactions for compliance ('and some security) issues:
• Supervisors regularly review a sample of we fare cases to assess
program compliance and some documentation/security issues.
• Full management reporting of review results.
• A Corrective Action Process with effective fallow-up to identify needed
reforms and propose solutions.
• A new, independent Quality Assurance Unit to perform ongoing and
targe case reviews (separate from the supervisory case reviews) of
case handling activities.
• An interface involving supervisors, managers, Quality Assurance, and
Internal Security staff to share, and act on, the variety of information
obtained from the above review processes.
Current Status: An EPIS "Second Party Review" Committee of Division
Managers, representing the Department Bureaus (Work Force Services,
Children & Family Services, Adult & Aging Services, and Administrative
Services) has been appointed, charged and now meets regularly to design a
process that will be long lasting and effective.
This design phase continues, and progress has been made in the last three
months since the prior IOC meeting, including the development of job
specifications, acquisition of a position, and recruitment and selection of an
employee to serve in the role of Operational Reviews &.Financial Audits
Coordinator. This individual is now helping the committee finalize written
operating procedures. Once this is completed, the employee will coordinate
the collecting, interpreting, and reporting of actual data generated from three
ongoing sources:
• Monthly Supervisory case reviews that will include review of cases with
high risk characteristics,
• Regular and targeted case reviews by a new Quality Assurance (QA)
Unit, and
• Supplemental reviews by Internal Security (Fiscal Compliance/Security
Unit) of high-risk transactions.
Through the QA. Review and Supervisor Review Process, information will
flow to the case record, the District, Policy and Administration Division
Managers, and the Bureau Directors. The Coordinator will review the
5
ESH Status Report to 10C November 6,2000
processes to assure the flaw of information continues to move to the impacted
staff.
So that issues are addressed timely, the Operational Reviews & Financial
Audits Coordinator will remain a participant in coordinating the exchange of
information to the above staff.
Since the last IOC report, we have also embarked on building a new QA Unit.
We secured a supervisory position, conducted recruitment, and developed
protocols for performing future welfare case reviews. In the coming months,
the incumbent will assist in staffing the new Unit and devising additional
procedures to begin regular and targeted case reviews.
5. Use of random sampling of benefit issuances to enhance fraud detection
efforts.
The Fiscal Compliance/Security Unit has implemented a process for monthly
monitoring and testing of benefit issuances based on a random sampling audit
technique. This method of random sampling is in addition to targeted fraud
detection sampling techniques previously in place.
6. Clarification of the mandated Electronic Benefit Issuance (EBT) Process
for food stamp issuances, and an evaluation of the option for using EBT
for cash issuances and related effects on security.
.Background: All California counties are federally mandated to implement, by
October 2002 the Electronic Benefit Transfer (EBT) process for issuing food
stamp benefits. California welfare reform also requires implementation of
EBT for food stamps and gives counties the option to use EBT for issuance of
cash benefits under CaIWORKS and General Assistance. The EBT food stamp
process will allow recipients to purchase food at authorizers vendor locations
using their EBT card, a plastic card similar to an ATM card. Each card will
have an individual allotment of food stamp benefits, based on the recipient's
eligibility. EBT will replace the current system whereby recipients receive
food stamps by mail, through private vendors, or in person at welfare offices,
statewide. This new method has been proven in other States to reduce food
stamp issuance costs and minimize fraud and theft. The California State
Department of Social Service (CLASS) has taken the lead role in procuring this
new system.
Current Status. Our Department is continuing to closely follow the EBT
project's status at the state level. The project has been delayed from the State's
original timetable and currently remains in the procurement phase. Contract
negotiations are expected to conclude in the I" quarter 2001, and California
counties including Contra Costa will then receive final cost estimates from the
selected vendor. At that time, counties will complete their cost benefit analysis
6
ESH Status Report to 10C November 6,2000
for inclusion of cash benefits, and formally elect whether to include cash aid
(in addition to the food stamp mandate) in the EBT process. At a local level,
our Department will work closely with the Auditors' and Treasurer's Offices
on this cash determination, and throughout the overall implementation process.
As the EBT project moves closer toward implementation in the next 12-18
months, we expect (as with many new program mandates) there will be
emerging security issues. We will closely analyze these issues, review the
experience of other states and pilot counties, and address the identified issues
with appropriate control procedures.
7. Verification that neva check stock is being used for Imprest Fund
disbursements.
We have confirmed that old Imprest Fund check stock, referencing the $1,000
limitation, has been destroyed. Only new check stock (which omits any
reference to dollar limits) is in use throughout the Department.
8. Implementation of a Welfare Fraud Hotline.
The Department participates in the Welfare Fraud Hotline managed by the
State of California. Eased on IOC directions, EHS has additionally completed
all necessary arrangements to set up an Internal Fraud Hotline. We have:
• Obtained a toll free telephone line
+ Secured specialized voice mail service
+ Completed internal procedural guidelines
• Drafted a communication bulletin to publicize to staff
We stand ready to implement this Hotline immediately, once we receive
Counsel's endorsement on the protocols proposed, and confidentiality
safeguards.