To the Honorable Elaine L. Chao Secretary of Labor
The Chief Financial Officers Act of 1990 (CFO Act) requires agencies
to report annually to Congress on their financial status and any other information
needed to fairly present the agencies' financial position and results of
operations. To meet the CFO Act reporting requirements, the United States
Department of Labor (DOL), a Department of the United States Government,
prepares annual financial statements, which are subjected to audit.
The objectives of the audit are to express an opinion on the fair presentation
of DOL's principal financial statements, obtain an understanding of the Department's
internal control, and test compliance with laws and regulations that could
have a direct and material effect on the financial statements.
Additionally, the objectives include expressing an opinion on DOL's compliance
with requirements of the Federal Financial Management Improvement Act
of 1996, based on an examination.
We have audited the consolidated balance sheets of DOL as of September 30,
2004 and 2003, and the related consolidated statements of net cost, changes
in net position, financing, and custodial activity and the combined statements
of budgetary resources for the years then ended. These financial statements
are the responsibility of DOL's management. Our responsibility is to express
an opinion on these financial statements based on our audits.
We conducted our audits in accordance with auditing standards generally
accepted in the United States of America; the standards applicable to financial
audits contained in Government Auditing Standards, issued by the
Comptroller General of the United States; and Office of Management and Budget
(OMB) Bulletin No. 01-02, Audit Requirements for Federal Financial Statements. These
standards require that we plan and perform the audit to obtain reasonable
assurance about whether the financial statements are free of material misstatements.
An audit includes examining, on a test basis, evidence supporting the amounts
and disclosures in the financial statements. An audit also includes assessing
the accounting principles used and significant estimates made by management,
as well as evaluating the overall financial statement presentation. We believe
that our audits provide a reasonable basis for our opinion.
Relationship to the Single Audit Act
The financial statements for the years
ended September 30, 2004 and 2003, include:
- costs for grants, subsidies, and contributions primarily with
various state and local governments and nonprofit organizations in the
amounts of $10.1 billion and $10.5 billion, respectively;
- costs for
unemployment benefits incurred by state employment security agencies
in the amounts of $41.7 billion and $53.4 billion, respectively;
- state
employer tax revenue of $30.1 billion and $24.8 billion, respectively;
- net receivables for state unemployment taxes, reimbursable employers,
and benefit overpayments of $1.1 billion and $.8 billion, respectively;
and
- reimbursements from state, local, and nonprofit reimbursable
employers for unemployment benefits paid on their behalf, in the amounts
of $2.4 billion and $2.1 billion, respectively.
Our audits included testing these costs, financing sources, and balances
at the Federal level only. Pursuant to a mandate by Congress, the examination
of these transactions below the Federal level is primarily performed by
various auditors in accordance with the Single Audit Act of 1984, as amended,
and OMB Circular A-133, Audits of States, Local Governments, and Non-Profit
Organizations. The results of those audits are reported to Federal
agencies that provide direct grants, and each Federal agency is responsible
for resolving findings for its awards.
Opinion on Financial Statements
In our opinion the aforementioned financial statements present fairly, in
all material respects, the assets, liabilities, and net position of DOL as
of September 30, 2004 and 2003; and the net cost, changes in net position,
budgetary resources, reconciliation of net cost to budgetary resources, and
custodial activity for the years then ended in conformity with accounting
principles generally accepted in the United States of America.
Other Accompanying Information
Our audits were conducted for the purpose of forming an opinion on the consolidated
and combined financial statements of DOL taken as a whole. The accompanying
financial information discussed below is not a required part of the principal
financial statements.
The supplementary information included in the Management Discussion and
Analysis, Required Supplementary Stewardship Information, and Required
Supplementary Information sections of the Performance and Accountability
Report are required by the Federal Accounting Standards Advisory Board and
OMB Bulletin No. 01-09. We have applied limited procedures, performed at
the Federal level only, which consisted principally of inquiries of management
regarding the methods of measurement and presentation of the information.
However, we did not audit the information and express no opinion on it.
The
information included in the Annual Performance Report, Financial Performance
Report, Management and Performance Challenges and the report appendices
are presented for purposes of additional analysis. Such information
has not been subjected to the auditing procedures applied in the audit of
the consolidated and combined financial statements and, accordingly, we express
no opinion on it.
Report on Internal Control
In planning and performing our audit, we considered DOL's internal control
over financial reporting by obtaining an understanding of the Department's
internal control, determined whether internal controls had been placed in
operation, assessed control risk, and performed tests of controls in order
to determine our auditing procedures for the purpose of expressing our opinion
on the financial statements. We limited our internal control testing to those
controls necessary to achieve the objectives described in OMB Bulletin No.
01-02. We did not test all internal controls relevant to operating objectives
as broadly defined by the Federal Managers' Financial Integrity Act of 1982,
such as those controls relevant to ensuring efficient operations. The objective
of our audit was not to provide assurance on internal control. Consequently,
we do not provide an opinion on internal control.
Our consideration of the internal control over financial reporting would
not necessarily disclose all matters in the internal control over financial
reporting that might be reportable conditions. Under standards issued by
the American Institute of Certified Public Accountants, reportable conditions
are matters coming to our attention relating to significant deficiencies
in the design or operation of the internal control that, in our judgment,
could adversely affect the agency's ability to record, process, summarize,
and report financial data consistent with the assertions by management in
the financial statements. Material weaknesses are reportable conditions in
which the design or operation of one or more of the internal control components
does not reduce to a relatively low level the risk that misstatements caused
by error or fraud in amounts that would be material in relation to the financial
statements being audited may occur and not be detected within a timely period
by employees in the normal course of performing their assigned functions.
Because of inherent limitations in internal controls, misstatements, losses,
or noncompliance may, nevertheless, occur and not be detected. We noted certain
matters, discussed in the following paragraphs, involving the internal control
and its operations that we consider to be reportable conditions. However,
none of the reportable conditions are believed to be a material weakness.
In addition, we considered DOL's internal control over Required Supplementary
Stewardship Information by obtaining an understanding of the agency's internal
controls, determining whether they had been placed in operation, assessing
control risk, and performing tests of controls as required by OMB Bulletin
No. 01-02. The objective of our audit was not to provide assurance on these
internal controls. Accordingly, we do not provide an opinion on such controls.
Finally, with respect to internal control relating to performance measures
included in the Performance Report, we obtained an understanding of the design
of significant internal controls relating to the existence and completeness
assertions as required by OMB Bulletin No. 01-02. Our procedures were not
designed to provide assurance on internal control over reported performance
measures, and, accordingly, we do not provide an opinion on such controls.
Reportable Conditions
Current Year Reportable Conditions
Federal Employees Compensation Act (FECA) Medical Benefit Payments
The Employment Standards Administration's (ESA) Office of Workers' Compensation
Programs (OWCP) has contracted with a third party, to perform medical bill
processing for FECA claimants. The contractor began processing medical bills
in September 2003.
Our FY 2004 audit found errors in the processing of medical bills. We tested
358 medical bills paid by the contractor during the period October 1, 2003
to March 31, 2004. Of these 358 bills, we found 35 bills (including duplicate
bills related to 5 sample items), were not paid
in the correct amount, including 24 overpayments totaling $282,577 and 11
underpayments totaling $34,658. These errors occurred because OWCP did not
have a quality assurance and internal audit plan in place prior to implementation
of the new system. Without adequate controls over the processing of medical
bill payments, OWCP cannot ensure that amounts paid are correctly calculated
in accordance with the fee schedules. As a result, medical providers have
been overpaid and underpaid, resulting in the medical benefit expense being
misstated.
Both prior to and in response to these results, management took steps to
correct some of the weaknesses identified. We performed additional testing
and found corrective actions taken by management resulted in a reduction
in payment errors in the third quarter of the fiscal year.
We recommend that the Chief Financial Officer ensure that the Assistant
Secretary for Employment Standards fully implements corrective actions that
have been proposed or initiated by OWCP, and that the accounting records
are adjusted to reflect identified misstatements. We also recommend that
the Chief Financial Officer ensure that the Assistant Secretary for Employment
Standards develops a quality assurance plan prior to migration to any significant
system or system change.
Management anticipates full implementation of corrective actions in FY 2005,
inclusive of policies for quality assurance plans for IT system migrations
and changes.
FECA Medical Bill Receivables
We noted during our FY 2004 audit that OWCP and the contractor have not
implemented a system to track and record medical bill overpayments (receivables)
as required by JFMIP Benefit System Requirements. In addition to the $282,577
of overpayments we identified during our audit, OWCP and the contractor have
identified overpayments during the course of the fiscal year, and the contractor
has set up an ad-hoc method of tracking and collecting these overpayments.
Management indicated that a delay in the implementation of the new case
management system resulted in a delay in the implementation of the Medical
Bill Receivable feature. Without an adequate receivable recovery system,
collection of receivables cannot be effectively managed and monitored,
which could result in the failure to collect recoverable amounts. In addition,
these receivables are not being captured in the Department's general ledger,
resulting in an understatement of accounts receivable.
We recommend that the Chief Financial Officer ensure that the Assistant
Secretary for Employment Standards develops and implements the receivable
system for the identification, tracking, and reporting of medical benefit
overpayments in accordance with JFMIP requirements and ensure that the accounting
records are adjusted to reflect all current receivables.
Management indicated that the case management system, inclusive of the receivable
system, will be deployed in FY 2005.
Information Technology (IT) Controls
The Department lacks strong application controls over the access to and
protection of financial information. During our application controls testing
of the DOLAR$, SPAMIS, FECS, Longshore, and PeoplePower applications that
support the financial statements, we tested controls in the following
areas: understanding of the application; application access controls;
input controls; data processing controls, including exception reporting and
problem tracking; and output controls. Specifically, we noted consistent
weaknesses across the applications tested in the following application control
areas:
- Application password settings
- User access
- Application segregation of duties
- User recertification
- Data input
- Key reports
These weaknesses occurred as a result of incomplete implementation and testing
of policies and procedures, weak segregation of duties, guidance and implementation,
system and/or resource limitations, and nonperformance of routine housekeeping
and maintenance tasks to update systems and processes as the organization
or business changes. These application control weaknesses, when taken together,
increase the risk that an individual with access to one or more of the applications
could input, process, and approve an erroneous transaction and not be detected.
We recommend the Chief Information Officer (CIO) ensure that the specific
application control weaknesses identified during the audit and reported in
the OCFO, ETA, and ESA Agency Audit reports, as well as the PeoplePower Application
Controls Audit reports, are addressed by the individual agencies, and that
the Office of the Chief Information Officer develop and/or enforce procedures
and controls to address consistent or systemic application control weaknesses
on current and future financial management systems.
The CIO generally agreed with our findings, and issued memorandums and policy
statements requesting agency priority attention and action to strengthen
application controls for DOL's major information systems.
Procurement
OASAM's procurement office processed approximately $296 million of the $622
million (48 percent) of new FY 2004 procurements for supplies and services.
We judgmentally selected 10 procurement files for review that had activity
during the fiscal year, and found that four of the files lacked sufficient
documentation and were poorly organized. As a result, management was not
able to demonstrate compliance with the sections of the FAR pertaining to
contract competition for three contracts. Also, management could not demonstrate
compliance with Federal Appropriations Law for one contract.
For the first procurement with a cumulative value of $10.3 million, the
agency could not document the original scope or that modifications totaling
over $10 million from July 1999 though February 2004 did not exceed the original
scope. In addition, the file did not contain documentation
that at least three schedule contractors were considered. In the second procurement,
we found a Blanket Purchase Agreement (BPA) with multiple holders where the
procurement file did not provide the rationale for expanding the scope of
the work without providing other BPA holders the opportunity to bid on the
work. In the third procurement, the contract file did not have any preaward
documents or a task order with the contracting officer's signature approving
the procurement. In the fourth procurement, the file did not include the
rationale for using FY 2004 appropriations for FY 2005 services. The task
order was awarded for new services that were continuing and recurring in
nature, and should have been considered severable. Performance of these services
did not begin in FY 2004 and DOL would not realize a benefit until such time
as the services were provided.
The reasons for the lack of compliance with procurement policies and procedures
were difficult to ascertain due to the change of procurement management and
staff within OASAM. However, based on the condition of the files and the
lack of critical procurement documentation, it was clear that files were
not being maintained in accordance with existing procurement policies and
procedures.
OASAM has recently changed procurement personnel and is in the process of
adopting and implementing new policies and procedures, which it believes
will ensure compliance with the FAR and DLMS and will improve record maintenance
over this important function. Management provided various documents throughout
the course of our audit as evidence that corrective actions have already
been initiated, such as training plans, compliance forms, procurement checklists,
etc.
We recommend that the Office of the Chief Financial Officer and the Assistant
Secretary for Administration and Management ensure completion of policies
that are currently being implemented to train staff, improve record maintenance,
and establish consistent procurement practices designed to promote a better
understanding and compliance with FAR and DLMS policies and procedures;
ensure development of a monitoring process to ensure compliance with FAR
and DLMS requirements; and analyzes FY 2004 obligations to determine the
extent to which funds were obligated in the wrong year and takes necessary
action to obligate the correct year.
Management concurred with the finding and recommendations, and indicated
that the procurement office is prepared to make needed improvements.
Prior Year Reportable Conditions
Job Corps Real Property
DOL owns a significant amount of real property, which is capitalized and
depreciated in the Department's accounting records, and is reported in the
Department's financial statements. We previously reported that ETA did not
sufficiently utilize the property subsidiary system, the Capitalized Assets
Tracking and Reporting System (CATARS), as a complete property management
system in accordance with the CATARS user guide. We also found that ETA did
not establish sufficient controls to ensure that Job Corps capitalized real
property was safeguarded and accurately reported in CATARS and the Department
of Labor Accounting and Related Systems (DOLAR$) general ledger.
Management concurs with the need to improve controls over Job Corps real
property and is implementing various corrective actions to ensure that both
CATARS and DOLAR$ reflect accurate and complete property balances, and that
assets are sufficiently safeguarded.
Federal Employees' Compensation Act (FECA) Compensation Payments
We previously reported that ESA's Office of Workers' Compensation Programs
(OWCP) did not have adequate controls to ensure that current medical evidence
is maintained in the case files to support the continuing eligibility of
claimants. In our FY 2004 audit, we continued to note a high error rate where
case files did not contain current medical evidence.
Management developed a corrective action plan that calls for the implementation
of a new automated system in FY 2005, which will help ensure that medical
evidence is obtained in accordance with program policy.
Information Technology (IT) Controls
The OIG previously reported the following deficiencies with regards to the
Department's IT controls:
- The Department lacks strong logical security
controls to secure the Department's data and information. Continuing
weaknesses were identified with the Department's technical security
standards and policies; logging, monitoring and response controls; system
administration procedures; and the overall security framework.
- The Department
has not coordinated comprehensive disaster recovery tests to ensure
the Department's network and applications can be recovered in the case
of a disaster. Testing conducted in FY 2004 identified that the Department's
agencies were in varying stages of disaster recovery plan development
and testing, and the Department had not coordinated disaster recovery
efforts across all agencies or conducted a Department-wide test of disaster
recovery plans. Given these conditions, there is a high likelihood that
the Department could not recover its key operations in a timely manner
in the event of a major disaster.
The CIO generally agreed with our findings and recommendations. The CIO
has made a concerted effort to address these issues, and has several planned
FY 2005 activities that build on its FY 2004 progress.
Accounting for Grants
The OIG previously reported the following deficiencies with regards to ETA's
grant accounting:
- Various accounting errors were noted in amounts recorded
for ETA's grants and contracts. In FY 2004, we continued to note errors
at both the national and regional offices. For example, at the national
level we identified that costs reported by grantees in the Enterprise Information
Management System (EIMS) grant cost module did not agree to corresponding
amounts recorded in DOLAR$, and that ETA was not sufficiently reconciling
the cost information. At the regional offices, we noted errors in
various Job Corps contracts selected for testing.
- Transfers of WIA funds
between programs are not accounted for in ETA's accounting records.
- ETA's grantees and contractors are often delinquent in submitting
required cost reports. While efforts have been made to address this
finding, our FY 2004 audit continued to note delinquent reporting.
ETA management plans to interface existing accounting systems in FY 2005,
and anticipates that the interface will significantly improve the accuracy
of grant costs recorded in DOLAR$, and has recently implemented other improvements
to address these audit findings.
Capitalized Assets
The OIG previously reported that management's capitalized asset tracking
and reporting procedures do not ensure that disposals of capitalized assets
are identified and reported in a timely and accurate manner, and that assets
are adequately safeguarded against loss or theft.
We continued to note that certain agencies within the Department were merely
removing items from CATARS that could not be found, rather than researching
to find out the actual disposition of the missing assets. In addition, dispositions
were not recorded timely but were recorded only after items were identified
as missing in the physical inventory process.
Management agreed that further controls are necessary to ensure that property
is properly managed and accounted for, and is working to correct these deficiencies.
Unemployment Insurance Benefit Overpayments
The OIG previously reported certain deficiencies in the internal controls
over Unemployment Insurance (UI) benefit payments. Specifically, the OIG
identified that UI overpayment data collected by the Benefit Accuracy Measurement
(BAM) unit reflect significantly higher overpayments than those established
as accounts receivable by the states' Benefit Payment Control (BPC) system.
We also found that there has been little change in the rate of overpayments
(about 8.5 percent) since 1989.
Management contends that the actions outlined in its corrective action plan
developed in response to this finding in prior years will eventually result
in a significant reduction in the detectable, recoverable overpayment rate.
While we recognize that management has taken certain corrective actions,
we noted that the actual UI benefit overpayment rate for 2003 did not reflect
improvement. The UI benefit overpayment rates for 2003, 2002 and 2001 were
9.3 percent, 9.1 percent, and 8.2 percent, respectively. We conclude that
additional evaluation of UI overpayments is necessary.
Management expects to see a positive impact on the rate of overpayments
from the corrective actions taken to date, as states increase the use of
tools made available by ETA, such as the use of new hire directories to detect
claimants that have returned to work.
Implementation of Managerial Cost Accounting
The OIG previously reported that DOL was not in compliance with the requirements
for managerial cost accounting (MCA) contained in Statement of Federal
Financial Accounting Standards (SFFAS) No. 4. Specifically, DOL had not defined
outputs for its operating programs nor developed the capability to routinely
report the cost of outputs at the operating program and activity levels.
Further, DOL did not adequately link cost information to performance measures
at the operating program level for use in managing program operations on
a routine basis or use managerial cost information for purposes of performance
measurement, planning, budgeting or forecasting.
Management concurred with this finding, and developed a comprehensive plan
to implement a Department-wide MCA system that complies with the requirements
of SFFAS No. 4. As of the end of FY 2004, the implementation project directed
by OCFO, with significant cooperation of agency personnel, has led to the
successful development of cost models for substantially all of DOL's agencies
and their major programs. OCFO recently certified the MCA system for processing
and completed installation of the cost accounting software throughout each
of the program agencies. In the near future, OCFO indicates that it will
complete cost model documentation and provide final training to agency personnel.
Management projects that all cost models will be updated with FY 2004 data
and be operational during the second quarter of FY 2005.
We noted other matters involving the internal control and its operations
that will be reported to the management of DOL in a separate letter.
Report on Compliance With Laws and Regulations Exclusive of the
Federal Financial Management Improvement Act of 1996 (FFMIA)
The management of the DOL is responsible for complying with laws and regulations
applicable to the Department. As part of obtaining reasonable assurance about
whether the Department's financial statements are free of material misstatement,
we performed tests of its compliance with certain provisions of laws and
regulations, noncompliance with which could have a direct and material effect
on the determination of financial statement amounts and certain laws and
regulations specified in OMB Bulletin No. 01-02, including the requirements
referred to in the FFMIA. We limited our tests of compliance to those provisions
and we did not test compliance with all laws and regulations applicable to
the DOL. Providing an opinion on compliance with those provisions was not
an objective of our audit and, accordingly, we do not express such an opinion.
The results of our tests of compliance with the laws and regulations described
in the preceding paragraph disclosed no instances of noncompliance with laws
and regulations that are required to be reported under Government Auditing
Standards and OMB Bulletin 01-02.
Report on Compliance With FFMIA
We have examined DOL's compliance with the requirements of FFMIA as of September
30, 2004. These include implementing and maintaining financial management
systems that substantially comply with: (1) financial management systems
requirements, (2) applicable Federal accounting standards, and (3) the United
States Government Standard General Ledger (SGL) at the transaction level.
Management is responsible for DOL's compliance with these requirements. Our
responsibility is to express an opinion on DOL's compliance based on our
examination.
Our examination was conducted in accordance with the attestation standards
established by the American Institute of Certified Public Accountants; Government
Auditing Standards, issued by the Comptroller General of the United
States; and OMB Bulletin No. 01-02, Audit Requirements for Federal Financial
Statements. These standards include examining on a test basis, evidence
about DOL's compliance with those requirements and performing such other
procedures as we considered necessary in the circumstances. We believe
that our examination provides a reasonable basis for our opinion. Our examination
does not provide a legal determination of DOL's compliance with specified
requirements.
In our opinion, as of September 30, 2004, DOL substantially complied with
the requirements of FFMIA.
This report is intended solely for the information and use of the management
of the U.S. Department of Labor, the Office of Management and Budget, and
Congress, and is not intended to be and should not be used by anyone other
than these specified parties.
November 15, 2004
|