Audit Results
The Judicial Council of California Has Improved Its Procurement and Vendor Payment Practices
The Judicial Council of California (Judicial Council), which conducts policymaking and administrative functions for the State’s judicial branch, appears to have improved its procurement and vendor payment practices since our last audit, which we published in December 2013.3 Unlike our previous audit, this audit found no instances in which the Judicial Council failed to use a competitive procurement process as required, incorrectly evaluated bids it received from vendors, or failed to document its justification for sole‑source procurements. In addition, we found that the Judicial Council consistently followed internal controls when processing vendor payments. As Table 2 shows, we recommended in December 2013 that the Judicial Council implement procedures to ensure that it procures goods and services in an appropriate manner. The Judicial Council has implemented or otherwise resolved three of our four recommendations and will soon implement the remaining recommendation. Specifically, Judicial Council staff demonstrated that they have been developing procurement training and indicated that they will begin providing the training before the end of 2015.
Recommendation | Current Status |
---|---|
The Judicial Council of California (Judicial Council) should implement procedures to ensure that it follows a competitive process for its procurements when required. | Resolved |
The Judicial Council should implement procedures to ensure it properly documents its noncompetitive procurement process and ensure that it prepares the appropriate documentation when it amends a contract that it has competitively bid. | Fully implemented |
The Judicial Council should provide additional training to its staff and the judicial branch entities on how to conduct procurements in compliance with the Judicial Branch Contracting Manual. | Pending |
The Judicial Council should implement procedures to ensure that its internal controls over payments are followed and that procurements are approved before ordering and receiving goods and services. | Resolved |
Source: California State Auditor’s recommendations in report 2013-302 & 2013-303: Judicial Branch Procurement: Semiannual Reports to the Legislature Are of Limited Usefulness, Information Systems Have Weak Controls, and Certain Improvements in Procurement Practices Are Needed, and our analysis of the Judicial Council’s corrective actions.
The Judicial Council Uses a Competitive Procurement Process When Required
In contrast to our December 2013 audit report, our recent audit gives us assurance that the Judicial Council consistently follows a competitive process for procuring goods and services when it is required to do so. As the Introduction discusses, the Judicial Branch Contracting Manual (judicial contracting manual) generally requires the Judicial Council and other judicial branch entities to purchase goods and services through a competitive process, with some exceptions. For example, the judicial contracting manual allows for a noncompetitive procurement process when only one vendor exists that can provide the good or service. Of the 16 procurements we reviewed for our December 2013 audit that required the Judicial Council to use a competitive process, we found one procurement in which the Judicial Council purchased $93,000 in software using a noncompetitive, sole‑source process instead of soliciting the contract competitively, as required. For our current audit, we evaluated 60 procurements executed between July 2013 and June 2015, including 23 that required competitive bidding, and we found no further instances in which the Judicial Council did not use the competitive procurement process when it was called for. As a result, we consider this issue to be resolved.
In addition, the Judicial Council corrected the deficiencies in its bid evaluation process that we identified in the 2013 audit. The judicial contracting manual prescribes processes for evaluating and awarding bids for competitive procurements, which vary depending on the types of goods or services procured and the estimated dollar amounts of the purchases. In 2013 we found that Judicial Council procurement staff improperly evaluated some bids by using the wrong evaluation criteria or by incorrectly scoring the bids. To determine whether Judicial Council staff has since followed appropriate evaluation processes, we reviewed 23 competitively bid contracts awarded from July 2013 through June 2015 and found that the Judicial Council correctly evaluated each vendor‑submitted bid according to the evaluation methodology outlined in the judicial contracting manual. For example, we reviewed a contract for third‑party administrator services for the Judicial Branch Workers’ Compensation Program, a complex set of services worth more than $2 million. Our analysis showed that the Judicial Council appropriately evaluated and scored the contract against criteria—including demonstrated experience, capabilities to perform, and cost reasonableness—named in the request for proposals and that the Judicial Council awarded the contract to the vendor that had the bid with the highest score.
Moreover, our current review found that the Judicial Council improved its execution of the noncompetitive procurement process, as compared to the process used during our previous audit. Although the judicial contracting manual generally encourages competitive procurements, it allows a noncompetitive process for certain categories of purchases, such as a sole‑source purchase from a proprietary vendor or an amendment to a competitively bid procurement. Judicial Council staff use a noncompetitive bid form to document the type of allowed noncompetitive purchase, the justification for the purchase, and, in cases where it is required, the sole‑source approver’s signature, which provides an important level of internal review to ensure that staff has used the noncompetitive procurement process only when appropriate. In our December 2013 audit report, we found that the Judicial Council did not document its justifications for sole‑source and other noncompetitive procurements for two of nine such procurements we reviewed. For example, the Judicial Council did not document the justification for its decision to procure database licenses directly from Oracle America Inc. without first conducting a competitive bidding process. We thus recommended that the Judicial Council implement a procedure that ensures that it properly documents the justifications required for noncompetitive procurement processes. In response, the Judicial Council modified its noncompetitive bid form to ensure that procurement staff documents the section of the judicial contracting manual that permits the use of the noncompetitive process.
Since implementing our recommendation to improve its process when making noncompetitive procurements, the Judicial Council has consistently and appropriately used this improved process. For our current audit, we reviewed the files for 37 noncompetitive procurements and found that the Judicial Council generally followed the improved process in each of these cases by documenting the steps it took to ensure that prices were fair and reasonable and, where necessary, by obtaining required approvals. We also found that the Judicial Council handled contract amendments appropriately by following the new guidance regarding amendments that it developed in response to our recommendation.
As a result of implementing our recommendations and otherwise improving its procurement practices, the Judicial Council has corrected the deficiencies in its practices that we found in 2013. Using these improved procurement practices will allow the Judicial Council to ensure that the prices it pays for goods and services are fair and reasonable.
The Judicial Council Follows Its Payment Process
Accounting staff are correctly following the Judicial Council’s payment process, and any error related to vendor payments that we observed in our previous audit did not resurface during our current audit. For this reason, we consider the prior recommendation related to this issue to be resolved. In 2013 we found that a member of the Judicial Council’s executive staff made a $500 purchase before completing a purchase order and obtaining approval, contrary to the requirement in the judicial contracting manual. However, after reviewing 60 payments made between July 2013 and June 2015, we found no further instances in which the invoice date preceded the date that appropriate staff approved the associated purchase order. As Figure 2 indicates, the Judicial Council’s payment process requires accounting staff to review procurement documentation, including the approved purchase order, before initiating the payment process. When followed correctly, this process prevents unapproved purchases from occurring. For all 60 goods and services purchases that we evaluated in 2015, the Judicial Council consistently followed its process, and appropriate accounting staff approved each purchase order. Finally, we analyzed the Judicial Council’s additional controls over the payment process, such as ensuring that the staff person who authorizes payment is different from the staff person who enters the invoice information into the financial accounting system, and we found no exceptions: in each instance, the Judicial Council complied with the control. Consequently, we consider this issue to be resolved.
Figure 2
The Judicial Council of California’s Payment Process
Sources: The Judicial Branch Contracting Manual and written descriptions provided by a supervising accountant in the Judicial Council of California’s accounting services unit.
The Judicial Branch Contracting Manual Is Largely Consistent With the State’s Policies, but It Could Benefit From One Important Update
The Judicial Council’s judicial contracting manual is generally consistent with state contracting requirements with one exception: it does not include standards related to the minimum fuel economy of purchased vehicles. Specifically, we found that the Judicial Council should update its contracting manual to reflect a May 2015 revision in the State Administrative Manual (SAM) that requires specific fuel economy standards for vehicles purchased by all state entities, including the judicial branch. As discussed in the Introduction, state law requires the Judicial Council to follow contracting requirements that are consistent with the California Public Contract Code and substantially similar to the SAM and the State Contracting Manual (SCM). The judicial contracting manual contains many important procurement standards found in the California Public Contract Code, the SAM, and the SCM. For example, the judicial contracting manual generally requires that judicial branch entities conduct competitive procurements in a manner that promotes open, fair, and equal competition among prospective bidders. It also requires the judicial entity employees responsible for procurement activities to be different from the employees responsible for payment approvals, and it requires judicial branch entities to advertise certain types of bid solicitations. Each of these elements helps to promote a fair, transparent procurement process that provides some assurance that the Judicial Council is spending its funds prudently when obtaining needed goods and services.
To be certain that the judicial contracting manual reflects the most current contracting requirements, we identified every revision to the California Public Contract Code, the SAM, and the SCM that occurred between January 2013 and June 2015. Of the 69 total revisions, most did not apply to the judicial branch. In these cases the changes applied specifically to entities other than those in the judicial branch, or they concerned construction projects, which state law allows the judicial contracting manual to omit. In a few cases, a change did apply to the judicial branch but consisted of only a slight wording change to an existing provision of law or policy. In such instances we did not believe it was necessary for the Judicial Council to incorporate these minor changes into the judicial contracting manual.
However, we identified one change to the SAM that the Judicial Council and other judicial branch entities should incorporate into their procurement practices, and that does not appear in the judicial contracting manual that generally guides these practices. Specifically, the Department of General Services (General Services) revised the SAM in May 2015 to update the minimum fuel economy standards for state vehicle purchases. The minimum fuel economy standards—which state law requires General Services to establish—generally apply to vehicle purchases by all state entities, including the judicial branch. The Legislature enacted this law to achieve its policy objectives of fully evaluating and minimizing the economic and environmental costs of petroleum use by state agencies. The July 2015 update to the judicial contracting manual neither contains nor references these fuel economy standards. The Judicial Council did not purchase any vehicles between July 2015 (the effective date of the new standards) and September 2015 (the end of our fieldwork); nonetheless, the judicial contracting manual needs to reflect the SAM’s updated fuel economy standards to ensure that vehicles purchased in the future meet the standards. A supervising attorney for the Judicial Council confirmed that Judicial Council staff would propose an amendment to the next revision of the judicial contracting manual to address the minimum fuel economy standards. In addition, on December 1, 2015 the Judicial Council sent a memo to all judicial branch entities describing the new minimum fuel economy standards.
Finally, the Judicial Council has incorporated information into the judicial contracting manual that was missing during our prior audit. Specifically, we reported in our December 2013 audit report that the August 2012 version of the judicial contracting manual did not contain necessary information and updates about the Small Business preference and Disabled Veteran Business programs found in the California Public Contract Code. By including this information in the judicial contracting manual, the Judicial Council eliminated the inconsistency with the California Public Contract Code and better ensures that the judicial branch has greater awareness of these requirements and how best to follow them.
The Judicial Council’s Local Contracting Manual Contains All Required Information
The Judicial Council’s local contracting manual (local manual) includes all of the information that the judicial contracting manual states that it must address. The California Judicial Branch Contract Law (judicial contract law) requires that the Judicial Council adopt a local manual. The judicial contracting manual requires the local manual to include certain information that is specific to the Judicial Council’s procurement practices and that does not appear in the judicial contracting manual. For example, the judicial contracting manual requires that local manuals identify the individuals with the responsibility and authority for procurement and contracting activities. The Judicial Council has not updated the original local manual that it created in 2011. However, we determined that the 2011 local manual includes all of the requirements that the latest judicial contracting manual—the version updated in July 2015—states that the local manual must contain. Thus, although it has been more than four years since the Judicial Council created its local manual, we did not find a pressing need for it to update the local manual at this time.
In addition, the Judicial Council corrected a previous inconsistency between its local manual and the judicial contracting manual. As we reported in our December 2013 audit report, the Judicial Council’s local manual does not include a discussion of construction activities for non‑trial court facilities, such as appellate courthouses. We expected the local manual to include such a discussion because the 2012 version of the judicial contracting manual indicated that the Judicial Council’s local manual would incorporate information on design, construction, acquisition, and other activities for non‑trial court facilities. However, in January 2014, the Judicial Council eliminated the text from the judicial contracting manual that states that this information will appear in the local manual. We agree that this was an appropriate way to resolve the discrepancy between the two manuals. Maintaining consistency between the local manual and the judicial contracting manual better enables users of these procurement resources to locate and understand information regarding procurement and contracting requirements.
Although Its Procurement Information Is Now Available in a Useful Electronic Format, the Judicial Council Still Needs to Strengthen Controls Over Its Information Systems
The Judicial Council continues to have weak controls over its information systems. In our December 2013 audit report we found that the Judicial Council and superior courts did not have well‑developed plans, policies, and procedures related to information systems controls. Consequently, we recommended that the Judicial Council implement improvements to its information system controls and ensure the superior courts improve their general and business process application controls, as described in Table 3. Although the Judicial Council adopted a framework of information systems controls in June 2014 and provided this framework to the superior courts, fundamental weaknesses in the Judicial Council and superior courts’ information system controls remain. However, the Judicial Council has implemented our recommendation to improve the usefulness of its semiannual reports by providing data in an electronic format that end users can filter or sort according to their needs. Specifically, the report’s users can sort or filter entries by vendor name, type of commodity, or value of the procurement, among other attributes.
Recommendation | Current Status |
---|---|
The Judicial Council of California (Judicial Council) should implement best practices related to general and business application controls as outlined in the U.S. Government Accountability Office’s Federal Information System Controls Audit Manual and immediately begin implementing improvements to its controls over access to its information systems. It should provide guidance and routinely follow up with the superior courts to ensure that they make the necessary improvements to their general and business process application controls. | Not fully implemented |
The Judicial Council should provide the semiannual reports in an electronic format that can be read by common database and spreadsheet software products that allow users to readily sort and filter the data. | Fully implemented |
Source: California State Auditor’s recommendations in report 2013-302 & 2013-303: Judicial Branch Procurement: Semiannual Reports to the Legislature Are of Limited Usefulness, Information Systems Have Weak Controls, and Certain Improvements in Procurement Practices Are Needed, and our analysis of the Judicial Council’s corrective actions.
Although the Judicial Council Has Made Some Progress, Weaknesses Persist in the Controls Over Its Information Systems
After nearly two years, the Judicial Council still has not fully implemented the controls required to address the pervasive weaknesses in its information systems, and it could not provide a projected date for full implementation. During our 2013 audit of the Judicial Council and other judicial branch entities, such as the courts of appeal, we found that the Judicial Council and superior courts did not have well‑developed plans, policies, and procedures related to information system controls. Further, some of the Judicial Council’s plans related to information system controls were nonexistent, and in one case the Judicial Council had not updated a particular plan since 1997. Although the Judicial Council adopted a framework of information system controls in June 2014, fundamental weaknesses in its general controls remain. Further, the Judicial Council continues to identify weaknesses in the information system controls at the superior courts. The results of our review indicate that there is an unacceptably high risk that data from the applications the Judicial Council and superior courts currently use to perform their day‑to‑day operations could lead to an incorrect or inappropriate conclusion. Therefore, we determined that the Oracle Financial System and the Phoenix Financial System data were not sufficiently reliable for the purposes of reporting procurement activities to the Legislature or to the state auditor. Moreover, the weaknesses identified—which we do not divulge because of their sensitive nature—continue to compromise the security and availability of these information systems, which contain confidential or sensitive information, such as court case management records, human resources data, and financial data.
The Judicial Council uses procurement data from the Oracle Financial System and the Phoenix Financial System to generate the semiannual reports it provides to the Legislature and state auditor. The Judicial Council further uses the Oracle Financial System to issue purchase orders and record certain procurement activity, whereas the superior courts use the Phoenix Financial System to perform these same two functions. In December 2013 we found that the Judicial Council had pervasive weaknesses in the controls over its information systems, and we consequently recommended that it implement all of the best practices related to general and business process application controls outlined in the U.S. Government Accountability Office’s Federal Information System Controls Audit Manual no later than December 31, 2014. As the Introduction explains, general controls are the policies and procedures that apply to all or a large segment of the Judicial Council’s information systems and help ensure their proper operation. In response to our recommendation the Judicial Council adopted a framework of information system controls in 2014 and asserted that it has since been working to implement this framework. However, the Judicial Council identified that fundamental gaps exist in its implementation of this framework in key general control categories. Examples of these categories include security management, which is a reflection of senior management’s commitment to addressing security risks and developing security policies; and access controls, which are logical and physical controls that limit or detect inappropriate access to computer resources, such as data, programs, equipment, and facilities.
To further address our recommendation from 2013, the Judicial Council, in a February 2015 public meeting, approved the submission of a budget change proposal to the California Department of Finance seeking additional funding for information system control enhancements. Despite this request, the Judicial Council did not receive additional funding for this purpose in the 2015–16 annual budget act. The Judicial Council voted again in August 2015 to approve the submission of a budget change proposal to fund enhancements of its information systems. The Judicial Council’s chief administrative officer stated that without additional funding, its implementation of the 2013 audit report recommendations related to general and business process application controls will remain at the same priority level and continue to receive the same level of resources. Further, he stated that without additional funding, he could not determine when the Judicial Council will fully implement the general and business process application controls. Nonetheless, we question whether other available resources could be used for this purpose. The Judicial Council’s prolonged implementation of information system controls and the pervasive weaknesses in the existing controls continues to expose the security and availability of its information systems to compromise. These information systems contain confidential or sensitive information such as court case management records, human resources data, and financial data.
We also reviewed information system controls over the Judicial Council’s Phoenix Financial System. As previously discussed, the superior courts use the Phoenix Financial System to issue purchase orders and record certain procurement activity. Between December 2013 and June 2015 the Judicial Council published audit reports of nine superior courts—each of which had issues related to information system controls. In response to our December 2013 report recommendation that the Judicial Council provide guidance and routinely follow up with the superior courts to ensure that they make the necessary improvements to their general and business process application controls, the Judicial Council provided its framework of information system controls to superior courts and is developing guidance on how to use the framework. Further, the Judicial Council established an annual process to follow up on outstanding audit issues. According to the Senior Manager of Audit Services, the Judicial Council categorizes outstanding audit issues based on level of risk and exposure to assist the courts in allocating resources and addressing areas of risk, and to identify the areas in which the courts need guidance or may need additional resources. Although the Judicial Council has made some progress in providing guidance to superior courts, it has continued to identify pervasive weaknesses in the superior courts’ information system controls—which may expose the security and availability of superior courts’ information systems to compromise.
The Judicial Council Now Provides Reports on Its Procurements and Contracts in a Sortable Electronic Format
The Judicial Council implemented our recommendation to provide semiannual reports in an electronic format that allows users to readily sort and filter the data, thus increasing the effectiveness of these reports as an oversight tool. The judicial contract law requires the Judicial Council to provide a report to the Joint Legislative Budget Committee and the California State Auditor twice each year that lists all vendors or contractors receiving payments from any judicial branch entities for the previous six‑month reporting period. Our December 2013 audit report recommended that the Judicial Council provide these reports in an electronic format that can be read by common database and spreadsheet software products that allow users to readily sort and filter data. Subsequently, in February 2014, the Judicial Council began posting the semiannual reports in such a format on its website. We downloaded and reviewed these reports and found them to be easily opened, read, sorted, and filtered with commercial spreadsheet software. As a result, users can now readily identify information of interest to them. For example, someone interested in the amount the Judicial Council has recently spent on consulting contracts could tally up the total payments made to all consultants under contract to the Judicial Council during the most recent reporting period. He or she could also track this type of spending over time to determine whether the Judicial Council is increasing or decreasing its reliance on consultants.
Recommendations
The Judicial Council should update its judicial contracting manual to include the required minimum fuel economy standards for the judicial branch’s vehicle purchases.
The Judicial Council should develop a corrective action plan by February 29, 2016, to address the recommendation from our December 2013 audit report related to the controls over its information systems. The corrective action plan should include prioritizing the tasks, resources, primary and alternative funding sources, and milestones for all of the actions required to fully implement its framework of information system controls by June 2016. Further, the Judicial Council should continue to provide guidance and routinely follow up with the superior courts to assist with their effort to make the necessary improvements to their information system controls.
We conducted this audit under the authority vested in the California State Auditor by Section 8543 et seq. of the California Government Code and according to generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives specified in the Scope and Methodology section of the report. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.
Respectfully submitted,
ELAINE M. HOWLE, CPA
State Auditor
Date:
December 10, 2015
Staff:
Benjamin M. Belnap, CIA, Deputy State Auditor
Whitney M. Smith
Oswin Chan, MPP, CIA
Taylor William Kayatta, JD, MBA
IT Audit Support:
Michelle J. Baur, CISA, Audit Principal
Lindsay Harris, MBA
Ben Ward, CISA, ACDA
Legal Counsel:
Amanda Saxton, Senior Staff Counsel
For questions regarding the contents of this report, please contact Margarita Fernández, Chief of Public Affairs, at 916.445.0255.
Footnotes
3 Judicial Branch Procurement: Semiannual Reports to the Legislature are of Limited Usefulness, Information Systems Have Weak Controls, and Certain Improvements in Procurement Practices Are Needed, Report 2013‑302 and 2013‑303, December 2013. Go back to text