OFFICE
OF
THE INSPECTOR GENERAL
SOCIAL SECURITY ADMINISTRATION
SINGLE
AUDIT OF THE
STATE OF NEW YORK
FOR THE FISCAL YEAR ENDED
MARCH 31, 2006
February
2008
A-77-08-00009
MANAGEMENT ADVISORY REPORT
Mission
By conducting independent and objective audits, evaluations and investigations, we inspire public confidence in the integrity and security of SSA's programs and operations and protect them against fraud, waste and abuse. We provide timely, useful and reliable information and advice to Administration officials, Congress and the public.
Authority
The Inspector General Act created independent audit and investigative units, called the Office of Inspector General (OIG). The mission of the OIG, as spelled out in the Act, is to:
Conduct and supervise independent and objective audits and investigations
relating to agency programs and operations.
Promote economy, effectiveness, and efficiency within the agency.
Prevent and detect fraud, waste, and abuse in agency programs and operations.
Review and make recommendations regarding existing and proposed legislation
and regulations relating to agency programs and operations.
Keep the agency head and the Congress fully and currently informed of problems
in agency programs and operations.
To ensure objectivity, the IG Act empowers the IG with:
Independence to determine what reviews to perform.
Access to all information necessary for the reviews.
Authority to publish findings and recommendations based on the reviews.
Vision
We strive for continual improvement in SSA's programs, operations and management by proactively seeking new ways to prevent and deter fraud, waste and abuse. We commit to integrity and excellence by supporting an environment that provides a valuable public service while encouraging employee development and retention and fostering diversity and innovation.
MEMORANDUM
Date: February 13, 2008
To: Candace Skurnik
Director Audit Management and Liaison Staff
From: Inspector General
Subject: Management Advisory Report: Single Audit of the State of New York for the Fiscal Year Ended March 31, 2006 (A-77-08-00009)
This report presents the Social Security Administration's (SSA) portion of the single audit of the State of New York for the Fiscal Year (FY) ended March 31, 2006. Our objective was to report internal control weaknesses, noncompliance issues, and unallowable costs identified in the single audit to SSA for resolution action.
The accounting firms of KPMG and Toski, Schaefer & Company performed the audit. The Department of Health and Human Services' (HHS) desk review concluded that the audit met Federal requirements. In reporting the results of the single audit, we relied entirely on the internal control and compliance work performed by KPMG, Toski, Schaefer & Company and the reviews performed by HHS. We conducted our review in accordance with the Quality Standards for Inspections issued by the President's Council on Integrity and Efficiency.
For single audit purposes, the Office of Management and Budget assigns Federal programs a Catalog of Federal Domestic Assistance (CFDA) number. SSA's Disability Insurance (DI) and Supplemental Security Income (SSI) programs are identified by CFDA number 96. SSA is responsible for resolving single audit findings reported under this CFDA number.
The New York Disability Determination Services (DDS) performs disability determinations
under SSA's DI and SSI programs in accordance with Federal regulations. The
DDS is reimbursed for 100 percent of allowable costs. The Office of Temporary
and Disability Assistance (OTDA) is the DDS' parent agency.
The single audit reported:
1. OTDA had insufficient standards for the documentation of critical systems applications (Attachment, Pages 1 and 2). The corrective action plan indicates OTDA will make several improvements including developing written descriptions of documentation standards (Attachment, Pages 3 through 5).
2. OTDA software developers inappropriately had the ability to update software in the production environment (Attachment, Pages 6 and 7). The corrective action plan indicates OTDA developed policies and procedures to control software developer access to the production environment (Attachment, Pages 8 and 9).
3. OTDA did not have a plan in place for periodic testing of systems data recovery in the event of an interruption, and it had not performed a test to ensure a complete and error-free recovery of systems data (Attachment, Pages 10 and 11). The corrective action plan indicates that recovery testing was successfully performed following the audit and that plans are in place to periodically run similar recovery testing in the future (Attachment, Pages 12 and 13).
4. Indirect costs were charged to OTDA based on State FY 2006 cost allocation plan (CAP) methodologies submitted to HHS' Division of Cost Allocation (DCA) but not yet approved (Attachment, Pages 14 and 15). The Corrective Action Plan correctly reports that indirect costs can be charged based on allocation methodologies that have been submitted to DCA for approval (Attachment, Pages 16 and 17).
We recommend SSA:
1. Ensure OTDA develops policies and procedures to ensure the New York DDS' critical system applications are sufficiently documented.
2. Verify that OTDA develops policies and procedures to control software developer access to the production environment.
3. Ensure OTDA develops procedures for performing periodic data recovery testing of the systems used by the New York DDS.
4. Upon approval of the State FY 2006 CAP by DCA, work with OTDA to ensure
the indirect costs charged to the New York DDS are in accordance with the approved
methodologies.
Please send copies of the final Audit Clearance Document to Ken Bennett. If
you have questions contact Ken Bennett at (816) 936 5593.
S
Patrick P. O'Carroll, Jr.
Overview of the Office of the Inspector General
The Office of the Inspector General (OIG) is comprised of our Office of Investigations
(OI), Office of Audit (OA), Office of the Chief Counsel to the Inspector General
(OCCIG), and Office of Resource Management (ORM). To ensure compliance with
policies and procedures, internal controls, and professional standards, we also
have a comprehensive Professional Responsibility and Quality Assurance program.
Office of Audit
OA conducts and/or supervises financial and performance audits of the Social
Security Administration's (SSA) programs and operations and makes recommendations
to ensure program objectives are achieved effectively and efficiently. Financial
audits assess whether SSA's financial statements fairly present SSA's financial
position, results of operations, and cash flow. Performance audits review the
economy, efficiency, and effectiveness of SSA's programs and operations. OA
also conducts short-term management and program evaluations and projects on
issues of concern to SSA, Congress, and the general public.
Office of Investigations
OI conducts and coordinates investigative activity related to fraud, waste,
abuse, and mismanagement in SSA programs and operations. This includes wrongdoing
by applicants, beneficiaries, contractors, third parties, or SSA employees performing
their official duties. This office serves as OIG liaison to the Department of
Justice on all matters relating to the investigations of SSA programs and personnel.
OI also conducts joint investigations with other Federal, State, and local law
enforcement agencies.
Office of the Chief Counsel to the Inspector General
OCCIG provides independent legal advice and counsel to the IG on various matters,
including statutes, regulations, legislation, and policy directives. OCCIG also
advises the IG on investigative procedures and techniques, as well as on legal
implications and conclusions to be drawn from audit and investigative material.
Finally, OCCIG administers the Civil Monetary Penalty program.
Office of Resource Management
ORM supports OIG by providing information resource management and systems security.
ORM also coordinates OIG's budget, procurement, telecommunications, facilities,
and human resources. In addition, ORM is the focal point for OIG's strategic
planning function and the development and implementation of performance measures
required by the Government Performance and Results Act of 1993.