By Charlie Hayward, CharlieHayward@MarylandReporter.com
In the last four years, the Department of Human Resources (DHR) overspent its budget by $27 million and inadvertently masked its overruns with improper accounting adjustments, an audit of the department has revealed.
After the audit came out, DHR removed the director of the grants management office due to concerns about oversight of millions of dollars of grants. The Office of Legislative Audits (OLA) released the report late last month covering some DHR operations for three years, ending in August 2012.
The audit also found that DHR paid legal bills without checking to make sure the work had been performed and did not address major weaknesses that could result in fraud in computer systems that deliver or track food stamps, child support payments, and foster care payments.
The department promised to correct most of the problems, but it pointed out that the auditors did not actually find any fraud had occurred.
Four years of deficit spending had been masked by improper accounting entries
During 2010-13, DHR spent $26.7 million more than its available budgetary resources. This overspending, according to the audit, apparently created a deficit balance that will need to be zeroed out with extra appropriations or more money from the general fund. Worse, auditors said the overspending was unintentionally concealed because the department improperly counted future-year revenues in the same accounting calculations with current expenses.
In response to the audit, DHR said it thought the accounting adjustments were proper. DHRs response also agreed with the OLAs recommendation to avoid improper adjustments in the future. The response did not, however, address the need to undo improper entries and zero out any deficit spending that may have accumulated since 2010.
DHR didnt check legal bills
DHR paid lawyers $13.7 million during 2012 without checking the lawyers invoices. Those lawyers were contracted to represent indigent adults in protective services and children in child assistance and parental-rights cases in court.
The audit found that DHR did not perform on-site quality reviews at lawyers offices, or failed to document any results from such visits in the few cases where DHR said they had visited. In addition, DHR did not obtain required annual reports from 11 of the 12 law firms contracted to represent DHR beneficiaries. The auditors said DHR made no attempt to notify the firms that the reports were overdue.
Some of these problem had gone uncorrected after being identified in previous audits.
In response to the audit, DHR said it implemented corrective action for all recommendations.
DHRs grants management was inadequate
The audit found that DHR did not oversee $14 million in grant funding to organizations and agencies that provide emergency food, housing and support for the disadvantaged.
That included paying for goods and services without knowing if the intended recipients actually got them and failing to ensure grantees submitted activity reports. In 113 of 119 instances, DHR could not locate the reports to show the auditors.
Lastly, the auditors said DHR failed to perform grantee site visits corresponding with almost 80% of grantee expenditures. Similar problems were found in the previous audit of the department.
In response to the audit, DHR said it removed the director of the Office of Grants Management and made other personnel changes. DHR also said it implemented corrective action for all recommendations.
DHR Information Technology (IT) system controls exposed the department to fraud
The audit found major vulnerabilities in large IT systems that DHR oversees for food stamps, child support payments, and foster care payments. These systems help deliver benefits, as well as track and manage beneficiaries eligibility.
OLA reported 12 significant weaknesses within four of DHRs mission-critical systems. Two were repeat findings.
In the current fiscal year, these systems will process data corresponding with more than $2 billion of DHRs transactions. Some of the risks include:
-- Fictitious food-stamp beneficiaries who could obtain goods and possibly cash from bank-issued debit cards
-- Unauthorized purchase orders for fictitious goods or services
-- Improper changes within databases containing sensitive beneficiary information, including sabotage by disgruntled employees or contractors.
-- Computer security violations that cannot be detected in a timely manner
-- Improper segregation of duties that could enable one person to perpetrate and conceal wrongdoing
-- Allowing too many people too many system privileges and access
In response to the audit, DHR suggested that OLAs descriptions of the risks were overstated. However, DHR agreed to implement the recommendations, while pointing out that auditors did not actually find any fraud or malfeasance.