In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor (OSA) has conducted a performance audit of the Department of Unemployment Assistance (DUA) for the period July 1, 2013 through December 31, 2016.
We conducted this performance audit in accordance with generally accepted government auditing standards except in the areas of internal controls and information technology (IT) general controls. In both areas, DUA did not have documented procedures for our review and denied us access to operating personnel who could have given us explanations regarding procedures, system design, and controls. Generally accepted government auditing standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.
Below is our audit objective, indicating the question we intended our audit to answer, the conclusion we reached regarding the objective, and where the objective is discussed in this report.
Our audit was initiated to assess DUA’s collection activities for delinquent employer UI accounts receivable. We also wanted to assess the internal controls that DUA had established for these activities. However, DUA did not respond to repeated verbal and written requests for specific documentation in a timely manner and did not provide timely access to its electronic accounts receivable records. Further, DUA unnecessarily delayed the conduct of our audit work and denied OSA personnel access to data pertaining to the audit objective from its UI Online data warehouse and Microsoft Access database.
Section 7.11 of Chapter 7 of the US Government Accountability Office’s Government Auditing Standards states, “Auditors should . . . report any significant constraints imposed on the audit approach by information limitations or scope impairments, including denials or excessive delays of access to certain records or individuals.”
During our audit, DUA imposed the following constraints on the audit process:
- At DUA’s request, on April 28, 2016, OSA suspended the audit. The agreement reached between OSA and DUA was that the audit could recommence in July 2016. However, in July 2016, DUA officials informed OSA that it did not have the resources necessary to support the audit; it did not allow us to recommence the audit until February 14, 2017.
- DUA did not have documented internal controls, nor did it allow us to observe the accounts receivable cash collection process so we could properly assess the process and identify internal controls. Therefore, we were unable to evaluate the internal controls in place regarding our audit objective.
- We were not given access to DUA’s data center, system documentation, or IT personnel to evaluate general information controls such as access to programs and data, program changes, computer operations, and physical and electronic safeguards.
- DUA did not provide audit reports prepared by external auditors and stated that its internal auditors did not conduct any audits of its accounts receivable.
- DUA did not provide access to UI Online, where the UI accounts receivable information is maintained, in a timely manner. Our initial request for access to UI Online was made in February 2017, and because of DUA’s concerns over confidentiality, access was denied. In June 2017, DUA and OSA reached a confidentiality agreement; however, an additional 2.5 months elapsed before OSA gained access to the UI Online data warehouse.
- In March 2017, before gaining access to UI Online, OSA began working with various DUA management personnel and staff members to generate a list of delinquent UI accounts that would allow OSA to select a sample to test collection activities. After receiving a report from DUA on April 27, 2017 and working with DUA’s staff to validate the report, OSA selected a sample. On June 29, 2017, OSA staff met with the collections manager to conduct a test of collection activities. It was at this point in the process that OSA was informed that only delinquent UI accounts with balances at or above $10,000 of real debt7 would be assigned to the Revenue Enforcement Department staff for collection. Because our sample consisted largely of assessed debt, it was not suitable for conducting our test of collection activities.
- On June 30, 2017, OSA audit staff members requested a report that would differentiate between the amount of UI debt that was assessed by DUA to employers and what DUA refers to as its real debt. However, DUA officials stated that the agency could not provide this information.
Despite these unreasonable constraints imposed by DUA, OSA was able to perform alternative auditing procedures to meet the audit objective sufficiently.
We performed the following procedures to obtain sufficient appropriate audit evidence to address our objective:
- We applied data analysis software to the UI Online database to extract the number of employers with delinquent UI contributions and to develop statistics regarding collectible delinquent contributions and interest from employers. We reviewed DUA's use of payment plans, real property liens, personal property liens, and civil judgments to collect delinquent UI contributions from employers. In addition, we examined DUA’s use of available tools, including both state and federal tax refund intercepts, to proactively recover identified delinquent UI contributions owed by employers. We also included, using data analytics, additional money from outside our audit period that could have been intercepted had DUA participated in the Payment Intercept Program in 2010. We also reviewed various records to determine to what extent DUA used its authority to obtain security collateral from applicable reimbursing employers to ensure that payments would be made. In addition, we determined whether the Commonwealth had made vendor payments to employers who owed over $1,000 to DUA.
- During our audit, we extracted information from UI Online about all accounts receivable as of December 31, 2016. The information included all collectible debt, listed by each employer’s Federal Employer Identification Number and amount owed. We reviewed the DUA Collections Activity Report and compared these two sources to determine against which employers DUA had initiated collection efforts. We then compared the employers that had outstanding UI contributions to the information about agency expenditures in the Commonwealth Information Warehouse (CIW)8 to determine whether the employers were also registered as contractors with state agencies and had received payments from the Commonwealth.
- OSA’s legal staff reviewed regulations to determine whether DUA could have implemented the Payment Intercept Program to collect payments made by the Commonwealth to state contractors who had delinquent UI contributions if it had chosen to do so.
- We performed data validity and integrity tests on data received from DUA in various spreadsheets, including testing for missing data and scanning for duplicate records and hidden rows, columns, and formulas. We also ensured that data from UI Online were accurately reflected in the reports provided to the audit team by DUA management.
OSA also conducted a separate data-reliability assessment of the Massachusetts Management Accounting and Reporting System, which contains the source data for information in the CIW. As part of this assessment, we tested general IT controls for system design and effectiveness. Based on these analyses, we determined that the data obtained from DUA’s electronic records and the CIW were sufficiently reliable for the purposes of this audit. We relied on the hardcopy source documents for other data needs.
analyses, we determined that the data obtained from DUA’s electronic records and the CIW were sufficiently reliable for the purposes of this audit. We relied on the hardcopy source documents for other data needs.
|Date published:||June 15, 2018|