HomeMy WebLinkAboutMINUTES - 12192005 - C.87 -TO: BOARD OF SUPERVISORS
Contra
FROM: INTERNAL OPERATIONS COMMITTEE g`; - - („ ;"�
Costa
DATE: DECEMBER 5, 2005 ------ `�' County
a covrTT�1
SUBJECT: STATUS REPORT ON EMPLOYMENT AND HUMAN SERVICES DEPARTMENT
INTERNAL SECURITY PLAN
SPECIFIC REQUEST(S)OR RECOMMENDATIONS)&BACKGROUND AND JUSTIFICATION
RECOMMENDATIONS:
I. ACCEPT report prepared by the Employment and Human Services Director on the administration of a
department security plan to prevent welfare and other types of internal theft or fraud.
2. DIRECT the Employment and Human Services Director to report back to the Internal Operations
Committee in March 2006 on internal security and specifically on the establishment of controls and
monitoring tools to track and maintain case data for child care cases.
3. DIRECT staff to work with the Employment and Human Services Department to organize a
demonstration of the new California Works Information Network(CalWIN) system during a regular
Board of Supervisors meeting in March 2006.
CONTINUED ON ATTACHMENT: YES - SIGNATURE:
_RECOMMENDATION OF COUNTY ADMINISTRATOR _COMMEND 10 OF BOARD COMMITTEE
✓APPROVE _OTHER
SIGNATURE
B.UI MA,CHAIR MARK DeSAULNIER
ACTION OF BOARD ON Gt'! APPROVE AS RECOMMENDED /pIrR
VOTE OF SUPERVISORS I HEREBY CERTIFY THAT THIS IS A TRUE
AND CORRECT COPY OF AN ACTION TAKEN
UNANIMOUS(ABSENT /�i//J P� ) AND ENTERED ON THE MINUTES OF THE
BOARD OF SUPERVISORS ON THE DATE
AYES: NOES: SHOWN.
ABSENT: ABSTAIN:
ATTESTED: JANUARY 10,2006
CONTACT: JULIE ENEA(925)335-1077
JOHN SWEETEN,CLERK OF THE BOARD OF SUPERVISORS
AND COUNTY ADMINISTRATOR
CC: INTERNAL OPERATIONS COMMITTEE STAFF
COUNTY ADMINISTRATOR
EMPLOYMENT AND HUMAN SERVICES DIRECTOR
BY DEPUTY
I
EHSD Internal Security Program December 5,2005
Internal Operations Committee Page 2
BACKGROUND:
On April 6, 1999, the Board of Supervisors referred to the 2000 Internal Operations Committee (IOC) the
monitoring of actions taken by the Employment and Human Services Department(EHSD) following the
filing of fraud charges against two County employees, and on County check issuance procedures and
administration of petty cash funds,particularly the Immediate Need Imprest Fund. The 1999 IOC
dispensed with issues and concerns regarding County check issuance procedures and administration of
petty cash funds, and had these items removed as referrals.
The 2000 IOC recommended to the Board that EHSD staff, in addition to establishing a Fraud Hotline,
return to the 10 Committee on November 13, 2000 with a follow-up report that addresses:
a. Identification of the individual who monitors system security access in the EHS, and the process
and criteria used to determine security access levels.
b. Review and verification of appropriate system security access for existing staff, in addition to new
staff. II
C. Clarification of the levels of managers who will review program compliance and security reports
for the 2nd Party Review Process, and how accountability will be established.
d. Progress on the implementation of the Comprehensive 2"d Party Review Process for welfare cases
and transactions.
e. Use of random sampling of be, issuances to enhance fraud detection efforts.
f. Clarification of the mandated Electronic Benefit Transfer(EBT)Process for food stamp issuances,
and an evaluation of the option for using EBT for cash issuances and related effects on security.
g. Verification that new check stock is being used for Imprest Fund disbursements.
The 2000 IOC subsequently recommended to the Board that the EHSD provide an annual status report to
the IOC on efforts to develop and administer a comprehensive internal security program.
Since 2000, EHSD has made regular reports to the IOC on its progress in implementing and expanding its
internal security program. In 2003, the IOC and the Board of Supervisors commended EHSD on the
development of a multiple strategies to lower risk and exposure to internal fraud, and asked the Finance
Committee to identify ways to preserve these efforts through budget reductions.
Attached is an update from the Employment and Human Services Director on the Department's
continuing progress and efforts to expand the security program. The Director reports that the
implementation of the California Works Information Network(CalVAN) system has, by necessity,been
the department's primary focus for the last year and will continue to be for some time to come. The
system affects the maintenance and services delivery of all major EHS programs: CalWORKS, Food
Stamps, Medi-Cal, General Assistance, and Foster Care. The department's guiding principle continues to
be to effectively lower the risk and exposure to internal fraud and maintain a high level of employee
accountability throughout the department.
d ,
EMPLOYMENT AND HUMAN SERVICES
CONTRA COSTA COUNTY
DATE November 28, 2005
TO Supervisor M. DeSaulnier
Supervisor G. B. Uilkema
Internal Operations Committee
FROM John B. Cullen, Director �.
SUBJECT Status Report on Internal Security Plan
Recommendations
ACCEPT the report presented by the EHSD Director on the status of efforts to
implement the Department's Internal Security Plan.
REPORT OUT to the Board of Supervisors the actions and strategies taken to positively
impact the security environment.
BACKGROUND
Since 1998, the Employment and Human Services Department (EHSD) has made
significant improvements in its internal control environment, and has successfully raised
the level of accountability throughout the organization. We have remained committed to
effectively managing the inherent risk and exposure to internal fraud, and balancing this
effort with our need to meet all legislative mandates and cost effective measures. Most
recently, in August 2005, we undertook the immense challenge of becoming the seventh
county in California to implement CalWIN (CaIWORKS Information Network), the new
automated public assistance eligibility system that replaced CDS/GIS. Consequently, in
the past year, our employees,1 supervisors and managers have focused much of their
efforts and resources on planning and implementation for this major change that has
affected all operations. As a result, our primary internal security efforts during this past
year and into 2006 now focus on utilizing Ca1WIN to positively impact both operations
and security.
ACTIONS AND STRATEGIES TAKEN THAT IMPACT OUR SECURITY
ENVIRONMENT
In the past year, EHSD has significantly modified its district operations in order to
implement CaIW1N and assume the task of converting approximately 90,000 cases over
from the discontinued CDS%GIS legacy system. Throughout the planning and
implementation phases, our primary objective has been to effectively manage the
r
Internal Operations Committee
Internal Security Plan
November 28, 2005
Page 2 of 4
Department's public assistance caseloads and ensure that benefits are issued timely and
correctly to recipients. We have also been mindful of the need for adequate security over
all related processes. Given the magnitude of this redesign effort and the complexity of
the new system, many aspects of the implementation process are ongoing, as is the task
of re-designing security monitoring tools and enhancements.
With only four months having elapsed since the August go-live date, we are currently
testing and validating the new district office procedures for control adequacy, and
evaluating the accompanying new reports and system data. Report extracts showing
disbursement activity and other case transactions have just recently become available
from the vendor for our examination and querying. While we will likely need to make
adjustments in some operational and management reporting areas, our expectation
continues to be that the new system positively affects the maintenance and service
delivery of our major programs: CalWORKS, Food Stamps, Medi-Cal, General
Assistance, and Foster Care.
Currently, strategies for improving the ongoing internal security environment are
focusing on the following areas/ tasks:
1. Examining the a(curacy and completeness of the CalWIN audit trail, online
system reports, and data extracts.
2. Testing the various subsystems in Ca1WIN for adequacy of control
procedures, particularly over benefit disbursement activity. We are
assessing the adequacy of segregation of duties, as well as other critical
"checks and balances".
3. Redesigning our fraud monitoring tools to reflect the new Ca1WIN data
elements and programming configuration. This task will require further
system programming and support from the Information Technology
Division, working together with our Fiscal staff.
4. Identifying, and promoting with the vendor, the implementation of
additional security edits and programming controls.
5. Assessing the effectiveness of the on-line supervisory approval/review
technology and identifying possible future improvements in how we use
this function.
6. Identifying the need for further written operational policies and procedures
to support the new system's need for controls.
7. Establishing a new process to review employees' computer access levels to
ensure that the ability to make monetary-type changes is assigned strictly
based on job function and need.
Internal Operations Committee
Internal Security Plan
November 28, 2005
Page 3 of 4
8. Evaluating the new control environment for child care supportive service
payments. Because of reporting issues associated with Ca1WIN, we
recently implemented a separate system known as "CARES" that is
designed to fully track and maintain case data for all of our child care cases.
With this new system, there is the need to establish a set of controls and
design additional monitoring tools.
Prior to our current work plan, we made some positive process changes to Ca1WIN as
part of"go-live" that will help improve overall security:
1. Centralized Pro I ider Unit - We reorganized staff responsibilities and
established a centralized unit that verifies and enters new payment
providers (third party payees and vendors) into the CaIWIN system. This
validation process improves segregation controls over the monthly issuance
of approximately 8,500 payments to third party payees.
2. CaseSTARS System - We successfully converted the Department's
welfare paper case files to a more efficient and streamlined computer image
format. This large scale document imaging project is known as
"CaseSTAR". On a routine basis now, designated employees in the district
offices scan and index welfare case file applications, forms, verifications,
and other documentation so that the materials are readily retrievable online.
While increasing efficiency at the field level, this system also supports our
security fraud monitoring and other auditing efforts by making the case
supporting documentation easily viewable.
3. Access Control (- We also were able to implement online controls over
staff's access tol cases categorized as "confidential", thereby restricting
access to the designated "confidential case" workers and their supervisors.
Additionally, through security profiles, we implemented a process to assign
and control staf I s access to view or change all other cases, strictly on a
"need to know" basis.
4. Service Center - The Department also implemented a large scale
operational change by launching the Medi-Cal/Food Stamp Service Center
in our Cavallo Road office. As a result, all on-going Medi-Cal and Non-
assistance Food Stamp cases have been centralized and are administered at
this one location, supported by both Ca1WIN and Service Center Phone
technology. In the future, we expect there will be resultant benefits to the
security environment as cases no longer reside strictly under the designated
w
• Internal Operations Committee
Internal Security Plan
November 28, 2005
Page 4 of 4
workers' control, but instead are routinely subject to review (and action) by
other workers in the center, thus providing a "second set of eyes" on
potentially all cases in the pooled caseloads.
SUMMARY
Throughout 2006, we will continue to be significantly involved in CaIWIN "post-
implementation" activities. Currently, and in the next several months, our Program,
Fiscal, Security, and Information Technology staff is working to ensure that the new
system is adequately secure, and that any necessary compensating controls are fully in
place. We are also focusing on adapting our fraud detection tools to the Ca1WIN design
as soon as possible. As before our guiding principle is to effectively lower the risk and
exposure to internal fraud and maintain a high level of employee accountability
throughout the organization.