Audit of the Executive Office of Elder Affairs Objectives, Scope, and Methodology

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of certain activities of the Executive Office of Elder Affairs (EOEA) for the period July 1, 2015 through June 30, 2017.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Below is a list of our audit objectives, indicating each question we intended our audit to answer, the conclusion we reached regarding each objective, and where each objective is discussed in the audit findings.

We gained an understanding of the internal controls we deemed significant to our audit objectives and evaluated the design and effectiveness of those controls for management oversight over the abuse report process.

We compared the number of abuse reports that were received by the Elder Abuse Hotline and were screened in to the number of reports that were screened in by EOEA’s Centralized Intake Unit (CIU) after it was established in June 2017. We noted that the number of screened-in abuse reports increased after the CIU was established (see Appendix).

We reviewed data expungement reports in APS and asked EOEA management about the process of expunging or removing screened-out reports and unsubstantiated abuse allegations from APS.

We assessed the reliability and completeness of APS, which was provided by EOEA. As part of the assessment, we reviewed existing APS information that had not been expunged from the system, tested selected system controls, and interviewed knowledgeable IT personnel and the Protective Services Program director about the data and the significance thereof. In addition, we performed validity tests and traced APS’s front-end data, which we accessed directly by logging in to the system, to APS’s back-end warehouse data, which were obtained by our data analytics team, to verify each data field reviewed in the system. We tested for missing key data and scanned for duplicate records. Based on the assessment conducted, we determined that the data, though incomplete because of expungement practices, were sufficiently reliable for the purpose of this report.

We determined whether PSAs adequately documented key content for each case investigation as required by Section 5.10 of Title 651 of the Code of Massachusetts Regulations (CMR). We performed a statistical, nonjudgmental test of 170 alleged abuse incidents, not projected to the test population of 44,384⁹ alleged abuse incidents, to ensure that the PSAs complied with the documentation requirements of 651 CMR 5.10 when writing case notes in APS. Specifically, 651 CMR 5.10(1) states that investigations must document the following:

(a)  The identity of the allegedly Abused Elder;

(b)  The nature, extent, and cause(s) of the alleged serious physical or emotional injury or Financial Exploitation;

(c)  The identity of the person(s) or support system of Caretakers alleged to be responsible for the alleged injuries.

To test EOEA’s compliance with this regulation, we verified that the name of each elderly person who was allegedly abused was included in the documentation in APS, along with detailed descriptions of alleged incidents, identities of alleged perpetrators, determinations by PSAs, and other key information in support of the PSAs’ case conclusions.

Using Audit Command Language (ACL) data analytics, we performed a classification analysis¹⁰ on all 193 PSA employees in APS who screened abuse reports, as well as a classification analysis on all PSA caseworkers who were assigned to investigate reported incidents of alleged abuse after screening. We performed this analysis to ensure segregation of duties between screening abuse reports and investigating alleged incidents of abuse. According to 651 CMR 5.09,

Upon receipt of an oral or written report (whichever is received first), a Protective Services Agency shall ensure that all reports are evaluated immediately by a Protective Services Supervisor or designated backup supervisor, in order to determine the immediacy and severity of the alleged harm or risk, and the appropriate initial response.

We tested to determine, from a population of 193 workers who performed screenings during the audit period, whether each person who determined whether to screen in an abuse report for investigation was at or above supervisor level. We reviewed APS and queried each of the 193 workers’ roles to ensure that they were supervisors authorized to screen in abuse reports for investigation.

Using ACL data analytics, we selected a random statistical sample of 200 alleged abuse incidents out of 44,384 total alleged abuse incidents during the audit period, downloaded from APS; we did not project our sample to the test population. We analyzed the incidents in detail to determine whether allegations of abuse were investigated by caseworkers and whether the closure of each investigation was authorized by a PSA supervisor.

We filtered the APS data we obtained to focus solely on abuse reports that were screened out by PSA supervisors, to ensure that supervisors took the appropriate steps to screen all reports and, when screening reports out, adequately documented their rationales in APS. We selected a random statistical sample of 50 abuse reports that were screened out during the audit period, out of a test population of 2,089, to ensure that there were no reportable conditions that should have warranted investigations of elder abuse but were not reported in APS by EOEA or its designated PSAs. We did not project our sample to the test population. In addition to our analysis of the APS data, we also reviewed each designation review report prepared by EOEA to determine whether PSA supervisors appropriately documented their screening decisions in APS.

We joined abuse report data and investigation data into a single consolidated data set to verify that every investigation report had a matching screened-in abuse report. We analyzed the data in APS to ensure that each alleged abuse report in APS that was screened in could be matched to its associated investigation in APS. (The associated investigation is manually linked in APS to the alleged-abuse report after it is received by EOEA and/or PSAs, when the incident is initially reported and screened in.)

Using ACL data analytics, we filtered incident data derived from investigations from APS to review a population of 190 incidents of alleged elder abuse from the audit period in which an elderly person died while a PSA was investigating their alleged abuse. We tested the population of 190 fatalities to ensure that EOEA or its designated PSAs made referrals to district attorneys’ (DAs’) offices when required in accordance with Sections 16(b) and 18(a) of Chapter 19A of the General Laws, 651 CMR 5.02, and 651 CMR 5.19. In addition, if a DA referral was necessary, we reviewed cases in APS for documentation that the referral was made.