Report 2020-001.1
February 2, 2022

State of California
Internal Control and Compliance Audit Report
for the Fiscal Year Ended June 30, 2020

February 2, 2022
2020-001.1

The Governor of California
President pro Tempore of the Senate
Speaker of the Assembly
State Capitol
Sacramento, California 95814

Dear Governor and Legislative Leaders:

As required by Government Code section 8543 et seq., the California State Auditor’s Office presents its audit report concerning our review of the State of California’s internal controls and compliance with state regulations for the fiscal year ended June 30, 2020.

This report is an integral part of an audit performed in accordance with Government Auditing Standards in considering the State’s internal control and compliance based on our audit of the State’s basic financial statements. We identified four deficiencies in internal control over financial reporting that we consider to be material weaknesses, and two other deficiencies that we consider to be significant. Deficiencies in the State’s internal control system could adversely affect its ability to provide accurate financial information.

Respectfully submitted,

MICHAEL S. TILDEN, CPA
Acting California State Auditor




Report on Internal Control over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance With Government Auditing Standards

Independent Auditor's Report

The Governor and the Legislature of the State of California

We were engaged to audit, in accordance with the auditing standards generally accepted in the United States of America and the standards applicable to financial audits contained in Government Auditing Standards issued by the Comptroller General of the United States, the financial statements of the governmental activities, the business‑type activities, the aggregate discretely presented component units, each major fund, and the aggregate remaining fund information of the State of California as of and for the year ended June 30, 2020, and the related notes to the financial statements, which collectively comprise the State of California’s basic financial statements, and have issued our report thereon dated January 26, 2022. Our report disclaims an opinion on the Unemployment Programs Fund, and qualifies the opinions on Business‑Type Activities and the Federal Fund, for the following reasons.

The Employment Development Department had inadequate internal control over its accounting of money it received and spent related to unemployment benefits. As a result, the department was unable to provide complete and accurate accounting information supporting transfers from the Federal Fund to the Unemployment Programs Fund and the amount of expenditures associated with the State’s unemployment program and with federally‑funded unemployment programs. The condition of the department’s records did not permit us, nor was it practicable to extend other auditing procedures, to obtain sufficient appropriate audit evidence to conclude that Due to Other Funds, Loans Payable and Distributions to Beneficiaries are free of material misstatement. As a result of this matter, we were unable to determine whether further audit adjustments to these accounts were necessary. The issues described above also contributed to material misstatements of $1 billion in Unemployment and Disability Insurance Revenue and $1.4 billion in Operating Transfers In that the department could not correct.

These issues also affect Business‑Type Activities. Therefore, we were unable to obtain sufficient appropriate audit evidence about the Unemployment Programs Fund balances that represent 24 percent of Internal Balances, 100 percent of Loans Payable, and 100 percent of Unemployment Programs Expenses within Business‑Type Activities. Similarly, there are material misstatements of $1 billion in Unemployment Programs Revenues and $1.4 billion in Transfers that the Employment Development Department could not correct.

Lastly, the department’s inadequate internal control also affected the financial statements of the Federal Fund, which the department uses to report activities related to federally‑funded unemployment programs. For this reason, the department was unable to provide complete and accurate accounting information supporting revenue and benefit payments. In addition, the department used incomplete data to calculate adjustments related to potentially fraudulent unemployment claims. We were therefore unable to obtain sufficient appropriate evidence about these adjustments. Together, these issues affected department balances representing 30 percent of Due From Other Governments, 100 percent of Benefits Payable, 29 percent of Intergovernmental Revenues, and 33 percent of Health and Human Services Expenditures within the Federal Fund. As a result of these matters, we were unable to determine whether further audit adjustments to these accounts were necessary.

Our report includes a reference to other auditors who audited the financial statements of the following, as described in our report on the State of California’s financial statements.

Government‑wide Financial Statements

  • Certain governmental funds that, in the aggregate, represent one percent of the assets and deferred outflows, and less than one percent of the revenues of the governmental activities.
  • Certain enterprise funds that, in the aggregate, represent 86 percent of the assets and deferred outflows, and 57 percent of the revenues of the business‑type activities.
  • The University of California and the California Housing Finance Agency that represent 93 percent of the assets and deferred outflows, and 95 percent of the revenues of the discretely presented component units.

Fund Financial Statements

  • The following major enterprise funds: Electric Power fund, Water Resources fund, State Lottery fund, and California State University fund.
  • The Golden State Tobacco Securitization Corporation, the Public Building Construction, the Public Employees’ Retirement, the State Teachers’ Retirement, the State Water Pollution Control Revolving, the Safe Drinking Water State Revolving, and the 1943 Veterans Farm and Home Building funds, that represent 83 percent of the assets and deferred outflows, and 45 percent of the additions, revenues and other financing sources of the aggregate remaining fund information.
  • The discretely presented component units noted above.

This report does not include the results of the other auditors’ testing of internal control over financial reporting or compliance and other matters that are reported on separately by those auditors. The financial statements of the Golden State Tobacco Securitization Corporation, the Public Building Construction Fund, the State Lottery Fund, and the Campus Foundations of the University of California, which represent 12 percent of the university’s total assets and deferred outflows of resources and 5 percent of its revenues, were not audited in accordance with Government Auditing Standards.

Internal Control over Financial Reporting

In connection with our engagement to audit the financial statements, we considered the State of California’s internal control over financial reporting (internal control) as a basis for designing audit procedures that are appropriate in the circumstances for the purpose of expressing our opinions on the financial statements, but not for the purpose of expressing an opinion on the effectiveness of the State of California’s internal control. Accordingly, we do not express an opinion on the effectiveness of the State of California’s internal control.

Our consideration of internal control was for the limited purpose described in the preceding paragraph and was not designed to identify all deficiencies in internal control that might be material weaknesses or significant deficiencies and therefore, material weaknesses or significant deficiencies may exist that have not been identified. However, as described in the accompanying section entitled Internal Control and Compliance Issues Applicable to the Financial Statements and State Requirements, we did identify certain deficiencies in internal control that we consider to be material weaknesses and significant deficiencies.

A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. A material weakness is a deficiency, or a combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis. We consider the deficiencies described in the accompanying section entitled Internal Control and Compliance Issues Applicable to the Financial Statements and State Requirements as items 2020‑1, 2020‑2, 2020‑3, and 2020‑4 to be material weaknesses.

A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. We consider the deficiencies described in the accompanying section entitled Internal Control and Compliance Issues Applicable to the Financial Statements and State Requirements as items 2020‑5 and 2020‑6 to be significant deficiencies.

Compliance and Other Matters

In connection with our engagement to audit the financial statements of the State of California, we performed tests of its compliance with certain provisions of laws, regulations, contracts, and grant agreements, noncompliance with which could have a direct and material effect on the financial statements. However, providing an opinion on compliance with those provisions was not an objective of our audit, and accordingly, we do not express such an opinion. The results of our tests disclosed no instances of noncompliance or other matters that are required to be reported under Government Auditing Standards. Additionally, if the scope of our work had been sufficient to enable us to express an opinion on the Unemployment Programs Fund, instances of noncompliance or other matters may have been identified and reported herein.

State of California’s Response to Findings

The State of California’s responses to the findings identified in our audit are described in the accompanying section entitled Internal Control and Compliance Issues Applicable to the Financial Statements and State Requirements. The State of California’s responses were not subjected to the auditing procedures applied in the audit of the financial statements and, accordingly, we express no opinion on them.

Purpose of this Report

The purpose of this report is solely to describe the scope of our testing of internal control and compliance and the results of that testing, and not to provide an opinion on the effectiveness of the State of California’s internal control or on compliance. This report is an integral part of an audit performed in accordance with Government Auditing Standards in considering the State of California’s internal control and compliance. Accordingly, this communication is not suitable for any other purpose.

CALIFORNIA STATE AUDITOR

MICHAEL S. TILDEN, CPA
Acting California State Auditor

Sacramento, California

January 26, 2022






STATE OF CALIFORNIA
SCHEDULE OF FINDINGS FOR THE FISCAL YEAR ENDED JUNE 30, 2020

Summary of Auditor's Results

Financial Statements

Type of auditor’s report issued Disclaimer of opinion for Unemployment Programs Fund, Qualified opinions for Business‑Type Activities and the Federal Fund, and Unmodified opinions for all other opinion units
Internal control over financial reporting:
Material weaknesses identified? Yes
Significant deficiencies identified that are not considered to be material weaknesses? Yes
Noncompliance material to financial statements noted? No











Reference Number: 2020-1

Condition:

The Employment Development Department (EDD) did not adequately adjust its financial accounting processes to identify and record activity related to billions of dollars of pandemic unemployment program funding, resulting in potential material misstatements in its year‑end financial reports. These conditions, and those noted in finding 2020‑2 related to EDD, led to a delay in the publication of the State’s Annual Comprehensive Financial Report (ACFR) and to the modified opinions we express on the Unemployment Programs Fund, Federal Fund, and Business‑Type Activities in the ACFR. As we noted in our January 2021 report, Significant Weaknesses in EDD’s Approach to Fraud Prevention Have Led to Billions of Dollars in Improper Benefit Payments, Report 2020‑628.2, the federal government passed legislation in March 2020 in response to the COVID‑19 pandemic, which provided unemployment benefits to supplement California’s existing unemployment insurance (UI) program and expanding benefits to include individuals who were not eligible for regular unemployment benefits. California’s statewide unemployment rate rose from 4.3 percent in February 2020 to 16.2 percent by April 2020. The dramatic increase in unemployment and the expansion of unemployment benefits created a surge in unemployment claims after California’s statewide stay‑at‑home order went into effect on March 19, 2020.

Along with the claim surge came delays in the processing of benefit payments, because EDD was overwhelmed by the extraordinary number of claims. EDD considers claims to be backlogged when it fails to process them within 21 days of their submission. According to data from the U.S. Department of Labor, for regular UI claims filed from April through September 2020, EDD provided 80 percent of claims with a first payment within 21 days—leaving more than 800,000 claimants in the regular UI program waiting for more than 21 days to receive their first payment. The sudden and massive increase in UI claims and the significant expansion of eligibility for benefits also made the UI program vulnerable to fraud. In January 2021, EDD publicly acknowledged that between March 2020 and mid‑January 2021, it paid tens of billions on fraudulent or potentially fraudulent claims. Further, the chief of EDD’s fiscal programs division said that the department was still struggling with its transition to the State’s new accounting system (FI$Cal), and it lacked historical knowledge and established processes and procedures to account for the new pandemic‑related programs.

When preparing its year‑end financial reports for fiscal year 2019–20, EDD did not consider the effects of the issues noted above on its financial reporting requirements. For example, it did not revise its methodology for calculating unemployment benefits owed to claimants at the end of fiscal year 2019–20, thereby increasing the likelihood of material misstatements to expenses and liabilities in the Unemployment Insurance Fund and to expenditures, liabilities, revenues, and receivables in the Federal Fund. EDD’s historical methodology for calculating the amount of benefits owed, which assumes amounts owed will be paid shortly after year‑end rather than over an extended period as would happen with a backlog, estimated a liability of only about $4.1 billion. However, this estimate turned out to be a fraction of the amount EDD paid after year‑end related to fiscal year 2019–20 claims. After we shared our concerns with EDD, it revised its methodology to identify all fiscal year 2019–20 related benefit payments that it actually made in the following fiscal year. EDD subsequently determined that it paid $25.4 billion in fiscal year 2019–20 UI benefits after year‑end, mostly related to federal unemployment programs. According to EDD’s fiscal programs division chief, the department believed that its existing benefits payable methodology was sufficient. He said that it did not initially consider how the payment backlog would affect the flow of payments after the end of the fiscal year and the corresponding accruals, which include those for expenses, benefits payable, revenues and amounts due from the federal government. If EDD had continued to follow its historical methodology, numerous account balances in the State’s ACFR would have been materially affected.

Similarly, EDD did not initially consider the impact of payments made on potentially fraudulent claims on its financial reporting, especially for the Federal Fund. The significant increase in fraud that EDD acknowledged was particularly significant for programs that are federally funded because money received related to payments made on potentially fraudulent claims must be reported differently. For federal unemployment programs, claims must meet specific eligibility requirements for EDD to record reimbursements for those amounts as revenue in the State’s financial statements. If eligibility requirements have not been met, any related reimbursements must be reported as a liability due back to the federal government. Additionally, payments for potentially fraudulent claims made after the end of the fiscal year do not represent a valid liability. Consequently, EDD should offset its accrual for unemployment benefits payable by the amount of potentially fraudulent claims. EDD ultimately adjusted its financial statements to account for more than $10 billion in payments made after year‑end for potentially fraudulent fiscal year 2019–20 claims, and it recorded a $2 billion liability for potentially fraudulent federal program claims paid during fiscal year 2019–20. Nevertheless, our testing related to EDD’s calculation led us to conclude that its adjustment related to potential fraud is understated because of an incomplete method for identifying the potentially fraudulent claims it paid. Based on our testing, we estimate that the number of fraudulent claimants who received payments could be 17.5 percent higher than the number identified by EDD. Consequently, federal revenues, expenditures, and related amounts due from the federal government and due to benefit claimants are potentially misstated by material amounts. EDD’s fiscal programs division chief stated that the department was not aware of the need to make adjustments to offset payments made to ineligible claimants. However, we believe that EDD should have considered the need to revise its methodology because of the abnormal conditions related to its claims backlog and high volume of potentially fraudulent claims.

Further, EDD did not adequately account for the funding it obtained from the federal government to pay for unemployment benefits. During the initial months of the pandemic, the federal government began providing money to expand eligibility for unemployment benefits and to increase weekly benefit amounts. Consequently, EDD needed to properly distinguish between amounts it drew down and spent related to new federal programs versus amounts it drew down related to the regular state‑funded unemployment program. In addition, the State’s cash reserve for its program was eliminated during the last quarter of fiscal year 2019–20, creating the need for it to borrow from the federal government to continue making state program payments. Nevertheless, EDD did not adequately account for either of these types of transactions, resulting in unsupported adjustments to its account balances and contributing to potential material misstatements in its year‑end financial reports related to revenues, expenditures, and transfers.

EDD’s fiscal programs division chief stated that in the wake of the pandemic, the department focused on making payments to claimants and that the appropriate recording of these payments was not initially taken into consideration. He stated that the situation was further complicated by the creation of new federal pandemic unemployment programs and the State’s unemployment insurance trust becoming insolvent. He added that department staff lacked historical knowledge on how to account for significant federal money because EDD had not experienced this type of activity since the Great Recession. Furthermore, he said that because of the department’s transition to FI$Cal during the prior fiscal year, EDD did not have established processes and procedures to guide staff on the proper accounting for these types of transactions. Nevertheless, we believe that EDD must be adequately prepared to address and account for new federal programs and borrowing before they occur because of their recurring nature. The conditions described above and in finding 2020‑2 contributed to the State issuing a late ACFR and to the modified opinions we issued on the Unemployment Programs Fund, the Federal Fund, and Business‑Type Activities within the ACFR.

Finally, EDD did not report in the prior fiscal year an accounts receivable balance related to disability and unemployment benefit overpayments that take longer than 12 months to collect. However for fiscal year 2019–20, EDD updated its accrual methodology to appropriately estimate such a noncurrent component. In doing this, it also estimated a noncurrent balance at June 30, 2019, of $639 million. Consequently, EDD reported a prior period restatement that increased the Unemployment Programs Fund’s beginning fund balance for fiscal year 2019–20 by $639 million.

Criteria:

Government Code section 12461 requires the State Controller to issue an ACFR that is prepared in accordance with generally accepted accounting principles (GAAP). The State Controller provides guidance to departments on the preparation of their year‑end financial statements in its Year‑End Financial Reports Procedures Manual. To prepare the State’s ACFR, the State Controller annually requests that departments submit expense accruals for the funds they manage.

State Administrative Manual section 7974.1 requires that expenditure balances be reported by Catalog of Federal Domestic Assistance number and program title.

GAAP requires enterprise funds, such as the State’s Unemployment Fund, to be accounted for on a full accrual basis. Specifically, expenditures must be recognized in the accounting period in which they are incurred. Additionally, federal funding—reported by the State in its Federal Fund—should only be recognized as revenue after all applicable eligibility requirements are met.

Recommendations:

EDD should develop a risk assessment process that it conducts before preparing its year‑end financial reports to ensure that it addresses significant changes in its operating environment that could impact its financial reporting.

EDD should adopt written procedures that instruct its staff to evaluate whether existing methodologies for preparing GAAP entries adequately account for current risks and conditions.

EDD should provide staff responsible for preparing GAAP entries appropriate training to equip them with the knowledge required to prepare complete and accurate financial reports.

EDD should develop written processes and procedures necessary for the proper recording and reporting of federal loans for the state program and additional funding for federal unemployment programs associated with periodic economic downturns and resulting increases in unemployment levels.

EDD should reconcile its draw‑down activity to its accounting records and expenditure detail to ensure that it is properly recording and reporting state unemployment program funds, federal unemployment program funds, and state unemployment program borrowing activity for fiscal year 2019–20.

Department’s View and Corrective Actions:

EDD agrees with the finding and recommendations. The department described its initial reliance on its historical method for calculating benefits payable, its repeated efforts to develop an estimate related to potentially fraudulent payments, and its difficulties in properly recording the amounts it drew down related to state and federal programs and loans. It said it will develop a risk assessment process to help identify issues that could impact financial reporting, document process changes that came about during the fiscal year 2019–20 audit, including the reevaluation of existing methodologies, and provide appropriate training to its staff. Finally, the department said that it will identify methodologies for properly recording federal loans and federal program funding, and that it is researching issues that came up during fiscal year 2019–20 to identify transactions that need to be adjusted.





Reference Number: 2020-2

Condition:

In fiscal year 2018–19, we reported that numerous departments using the Financial Information System for California (FI$Cal) for financial reporting did not complete bank reconciliations or reconcile their accounts to the State Controller’s Office’s (State Controller) records in a timely manner. Furthermore, many departments submitted late year‑end financial reports to the State Controller, which delayed the completion of our audit procedures and publication of the State’s Annual Comprehensive Financial Report (ACFR). During fiscal year 2019–20, we found that although some departments have made progress in performing monthly reconciliations, many are still struggling to perform them on time. As a result, departments continue to submit late year‑end financial reports, which has again delayed publication of the ACFR. For example, the Department of Health Care Services (DHCS) and the California Department of Resources Recycling and Recovery (CalRecycle), did not fully reconcile their banking activity prior to submitting their year‑end financial reports. Moreover, the Employment Development Department (EDD) continued to perform bank reconciliations for two of its Centralized State Treasury System (CTS) accounts to a legacy accounting system rather than to FI$Cal, which it uses to prepare its year‑end financial reports.

In addition to preparing bank reconciliations, departments must reconcile their accounts to the records of the State Controller. Similar to the prior year, we found that 17 departments of material importance to the State’s overall financial reporting did not perform these monthly reconciliations in a timely manner during fiscal year 2019–20, and the reconciliations prepared by EDD contained significant, unsupported accounting entries that rendered them unreliable. Both types of reconciliations constitute important internal controls because they enable departments to detect fraud and to identify and resolve errors or omissions in the financial information that is ultimately reported in the State’s ACFR. The deficiencies in EDD’s reconciliations to the records of the State Controller contributed to our issuance of modified opinions on the Unemployment Programs Fund, Federal Fund, and Business Type Activities.

Similar to the prior year, DHCS did not fully reconcile its banking activity before submitting its year‑end financial reports to the State Controller for fiscal year 2019–20. Although DHCS’s financial management division’s accounting administrator stated that it was the department’s goal to do so, the department ultimately decided to rely again on other sources to ensure the accuracy of its financial reports. These other sources included reconciliations to accounts maintained by the State Controller, the FI$Cal year‑end processes, and the State Controller’s year‑end instructions. However, as we stated in the prior year finding, although these other reconciliations, processes, and instructions are important to ensuring the quality of the financial reports, they do not address the unique role departments play in the collection and reporting of accurate cash receipts. DHCS stated that its challenges during the fiscal year centered on the need to make further progress on its outstanding fiscal year 2018–19 reconciliation, because it was affecting the balances on its fiscal year 2019–20 reconciliation. Although DHCS has since substantially reconciled its bank activity for both fiscal years, thereby mitigating the risk of a material misstatement to the financial statements, neither year’s activity is fully reconciled.

Similar to DHCS, CalRecycle submitted its fiscal year 2019–20 year‑end financial reports to the State Controller before completing its June 2020 bank reconciliation, in this case three months earlier. It also similarly stated that it relied upon other reconciliations, such as the reconciliation to accounts maintained by the State Controller, to ensure the accuracy of its financial reports. However, this does not mitigate the risk that an incomplete bank reconciliation poses to the financial reports. CalRecycle’s chief accounting officer stated that the department had lost a significant number of staff who were critical to the reconciliation process, and that caused the department to fall behind. He said that although these positions were filled after fiscal year‑end, the department was further delayed as it trained these new staff. Furthermore, he said that given the evolving nature of the FI$Cal system, the department is still improving its training and accounting procedures, which will allow it to complete these reconciliations in a timely manner.

EDD’s failure to perform bank reconciliations to its FI$Cal accounting records for two CTS accounts it uses to pay unemployment and disability benefits to recipients represents the breakdown of a key internal control over disbursements. Because the Unemployment Program provides cash benefits to unemployed individuals, errors in the recording of benefit payments affect the accuracy of EDD’s financial reports. We obtained additional information from EDD to perform other procedures to ensure that the overall CTS account activity contained within its FI$Cal accounting records was not materially affected by this internal control failure. EDD’s fiscal programs division chief stated that the department did not reconcile to FI$Cal because it was unable to perform these reconciliations within the FI$Cal system pending a future enhancement being placed in service. However, the Department of Finance (Finance) had previously released guidance for departments on how to perform bank reconciliations outside of the system, thereby ensuring that departments would be able to adhere to this important control. EDD’s fiscal program division chief stated that the department knew about the workaround but that it was not was aware until December 2021 that it would work for the two noted CTS accounts. He said EDD has since begun having internal discussions on how it can implement this workaround.

Finally, the Franchise Tax Board did not complete its bank reconciliations for fiscal year 2019–20 until December 2020, which was about five months after the State’s deadline, but before it submitted its financial statements.

Similar to the prior year, we found that 17 departments of material importance to the State’s overall financial reporting did not reconcile their accounts to the records of the State Controller in a timely manner. We show these departments and the dates they submitted their late year‑end reports in the table below. Among the departments’ explanations for not performing timely reconciliations were the following:

  • A delay in starting the process of accounting for fiscal year 2019–20 due to the late close of fiscal year 2018–19.
  • Delays caused by the late resolution of FI$Cal system tickets (a request from a FI$Cal user for technical support).
  • The inherent complexity of the FI$Cal system results in tasks taking longer to complete than under the previous accounting system.
  • Issues with system configurations that result in items being placed into suspense that require manual correction before departments can proceed with their reconciliation efforts.
  • A lack of adequately trained staff resulting from staff turnover and the need for additional positions to address the concerns referenced above.

Finally, representatives of a few departments that are responsible for a number of different funds stated that completing their year‑end closing procedures for all of their funds at once, rather than fund by fund, causes delays for those funds that are ready to close sooner.

Departments That Performed Late Reconciliations
To Accounts Maintained By The State Controller
Dates Late Financial Reports Were
Submitted To The State Controller
California Air Resources Board 9/30/2020
California Department of Education 2/18/2021–2/24/2021
California Department of Forestry and Fire Protection 3/19/2021
California Department of Public Health 11/17/2020
California Department of Resources Recycling and Recovery 2/8/2021
California Department of Social Services 11/9/2020–11/13/2020
California Department of Tax and Fee Administration 10/27/2020
California Governor's Office of Emergency Services 8/26/2020
California Highway Patrol 2/18/2021
California Student Aid Commission 11/23/2020
Department of Developmental Services 12/7/2020
Department of Health Care Services 11/4/2020–12/21/2020
Department of State Hospitals 10/26/2020
Employment Development Department 6/16/2021–8/13/2021
Franchise Tax Board 12/12/2020–12/21/2020
Office of the Chancellor of the California Community Colleges 12/11/2020
State Water Resources Control Board 7/28/2021

Notes: Multiple dates listed indicate a range for different funds used by the department.

State Administrative Manual section 7930 required that departments submit their year‑end financial reports for fiscal year 2019–20 to the State Controller by July 31, 2020, for the general fund and by August 20, 2020, for all other funds.

This table reflects only the late submission of financial reports for funds of material importance to the State’s overall financial reporting.

EDD’s difficulties in performing timely monthly reconciliations to the records of the State Controller contributed to its inability to prepare accurate year‑end financial reports for the Unemployment Programs Fund and the Federal Fund. According to EDD’s fiscal programs division chief, the department continued to be behind in transitioning its accounting processes to FI$Cal, which contributed to EDD’s problems in completing accurate and timely monthly reconciliations. We noted a number of issues when reviewing EDD’s year‑end reconciliation. For example, EDD encountered a large discrepancy when it attempted to reconcile its Cash in US Treasury account to the State Controller’s balance. However, rather than determining the true cause of this discrepancy, the department incorrectly derived and recorded an inappropriate adjusting entry that did not resolve the underlying issue. At that time, EDD reported a $2.2 billion negative balance in its Cash in US Treasury account, while the State Controller reported a $374.9 million positive balance. This large negative balance was the result of EDD incorrectly reducing its Cash in State Treasury account balance in FI$Cal each time it borrowed money from the federal government to pay state‑funded unemployment benefits rather than recording these amounts as loans. EDD staff preparing the reconciliation did not appear to be aware of how these adjustments affected the account balance because they were not addressed in the reconciliation. Finally, when posting the adjusting entry, EDD also incorrectly decreased another cash account balance by $1.1 billion and the transfers out account by $1.4 billion. EDD’s reconciliation for the Cash in State Treasury account balance as of December 2019 noted the same, large variance and identified a need to research the issue further; however, the department did not do so. The breakdown of internal controls underscores the need to perform reconciliations thoroughly and promptly so that the sources of discrepancies and appropriate adjusting entries will be easier to identify.

EDD recorded two other unsupported adjustments during its final reconciliation process for fiscal year 2019–20, each of which exceeded $1 billion. One adjustment had the effect of offsetting the $1.1 billion cash account decrease noted above, but it also incorrectly decreased expenses by $1.2 billion. The other adjustment incorrectly increased expenses and amounts owed to the federal government by $1.6 billion. Because of the interrelationship between the Unemployment Programs Fund and the Federal Fund, these adjustments contributed to material misstatements in both funds. The fiscal programs division chief said EDD felt pressure to complete its year‑end financial statements quickly because it was behind schedule, and that led to inaccurate reconciliations. Nevertheless, the department’s accounting staff should be properly analyzing and correcting discrepancies identified during the reconciliation process to avoid creating other inaccuracies.

Criteria:

Government Code sections 13400 through 13407 state that agency heads are responsible for the establishment and maintenance of a system or systems of internal control and effective and objective ongoing monitoring of the internal controls within their state agencies. This responsibility includes documenting the system, communicating system requirements to employees, ensuring that the system is functioning as prescribed, and making modifications, as appropriate, for changes in conditions.

State Administrative Manual (SAM) section 7901 requires that departments reconcile their accounts to those accounts maintained by the State Controller to disclose errors as they occur. Departments should analyze differences and make corrections to their accounts or request corrections to the State Controller’s accounts so that information between both systems is complete and accurate. Corrections to errors should be made before financial reports are prepared to ensure the accuracy of a department’s financial reports. Reconciliations shall be prepared monthly within 30 days of the preceding month.

SAM section 7923 requires departments to reconcile their bank account balance with the like account maintained in the CTS. Departments must reconcile their General Cash, Revolving Fund Cash, and Agency Trust Fund Cash accounts with their State Controller’s CTS Account Statement bank balance, adjusted for deposits in‑transit, outstanding checks, and other reconciling items. Departments should file the CTS statements and monthly reconciliations in date order.

SAM section 7930 requires that departments submit their year‑end financial reports to the State Controller by July 31 for the general fund and by August 20 for all other funds.

Recommendations:

Departments should perform their monthly bank reconciliations and reconciliations to the accounts maintained by the State Controller in a timely manner, and before submitting financial reports to the State Controller.

Departments should identify the underlying cause for any reoccurring FI$Cal tickets that are hindering monthly reconciliations and inquire with the Department of FISCal about the development of any possible enhancements or changes to established business processes. In the interim, departments should work closely with the Department of FISCal to ensure the timely closure of open tickets.

Departments should look for opportunities to redesign their internal business processes that are deterring the timeliness of monthly reconciliations.

Departments with multiple funds should request that the Department of FISCal initiate the year‑end closing process for material funds separately from their other funds.

Departments should be proactive with succession planning to ensure that when key staff leave, reconciliations can still be performed in a timely manner. This may include the cross‑training of other existing staff positions, requesting funding for additional positions, or exploring the possibility of contracting for additional support.

Departments should work with Finance and the State Controller to obtain any additional training for staff to ensure monthly reconciliations are performed properly and in a timely manner.

EDD should ensure that staff properly reconcile department records to the State Controller by providing appropriate training and support. It should adequately document its reconciling items and retain sufficient evidence justifying those items.

EDD should further research issues that caused it to be unable to properly complete its final State Controller reconciliations for fiscal year 2019–20 and adjust its accounting records accordingly.

EDD should develop a formal process to reconcile its banking activity to its official accounting records maintained in FI$Cal. If the FI$Cal system lacks the features required to perform these reconciliations, EDD should consider alternative approaches for reconciling its banking activity to FI$Cal outside of that system.

DHCS should complete its bank reconciliations and reflect any resulting adjusting entries in its official accounting records maintained in FI$Cal.

Departments' Views and Corrective Actions

Each of the departments stated that they agreed with the findings and recommendations, and already have or will institute the necessary corrective actions. Many departments also reiterated some of the challenges they experienced with FI$Cal during fiscal year 2019–20, some of which remain to this day. Common themes included challenges related to allocations, business processes taking longer to complete than under the previous system, and delays while waiting for resolution of FI$Cal system tickets.

EDD agrees with the finding and related recommendations. The department reiterated problems it has faced determining how to reconcile its bank accounts within or outside FI$Cal and stated that it is now considering how best to adopt the Department of Finance workaround noted in the finding to bring its bank reconciliations into compliance with State Administrative Manual requirements. EDD also restated issues it has had implementing FI$Cal in general and in accounting for federal loans in particular that affected its reconciliations to State Controller records. It said that it is reviewing its processes to identify areas that need to be updated, including revisiting the way it records certain transactions, ensuring that adjusting entries are properly supported, and providing appropriate training to staff. Lastly, EDD stated that it is researching issues that came up during fiscal year 2019–20 to identify transactions that need to be adjusted.





Reference Number: 2020-3

Condition:

We identified pervasive findings in the overall information technology (IT) general controls environment of the Financial Information System for California (FI$Cal). Details of these findings are being withheld pursuant to Government Code section 8592.45 which prohibits disclosure of certain information related to the FI$Cal IT infrastructure. Accordingly, and consistent with applicable auditing standards, we decided not to publish these details. Thirty‑four (34) out of thirty‑nine (39) control deficiencies have Plans of Action and Milestones (POAMs) that were not remediated as of the end of the audit period. Further, sufficient compensating controls were not in place to reduce the impact of these findings on the IT general controls environment. Of the applicable open POAMs, a majority of the items were identified in March 2018 and had not been remediated as of the end of the audit period, June 30, 2020.

The primary cause of these issues was insufficient planning to incorporate appropriate governance and control requirements over financial systems prior to implementing FI$Cal. This, in turn, resulted in inadequate resources and oversight to properly implement, monitor, and maintain IT controls that support FI$Cal’s financial reporting function.

The deficiencies result in pervasive risks at the entity and system‑level to automated controls and configurations of the FI$Cal system, which impact the ability to rely on FI$Cal data used for financial reporting. Lack of IT general controls could compromise the reliability and integrity of financial data and increases the risk of misstatements in the financial reports.

Criteria:

The Financial Audit Manual (FAM) 240‑4 states in relevant part:

(.12) Information system controls consist of those internal controls that are dependent on information system processing and include general controls, application controls, and user controls. Information system general controls (implemented at the entity wide, system, and application levels) are the structure, policies, and procedures that apply to all or a large segment of an entity’s information systems. General controls help ensure the proper operation of information systems by creating the environment for effective operation of application controls. An effective information system general control environment:

  • provides a framework and continuing cycle of activity for managing risk, developing security policies, assigning responsibilities, and monitoring the adequacy of the entity’s computer‑related controls (security management);
  • limits or detects access to computer resources, such as data, programs, equipment, and facilities, thereby protecting them against unauthorized modification, loss, or disclosure (logical and physical access);
  • prevents unauthorized changes to information system resources, such as software programs and hardware configurations, and provides reasonable assurance that systems are configured and operating securely and as intended (configuration management);
  • includes policies, procedures, and an organizational structure to manage who can control key aspects of computer‑related operations (segregation of duties); and
  • protects critical and sensitive data, and provides for critical operations to continue without disruption or be promptly resumed when unexpected events occur (contingency planning).

(.13) Application controls, sometimes referred to as business process controls, are those controls incorporated directly into information systems to help ensure the validity, completeness, accuracy, and confidentiality of transactions and data during information system processing. An effective application control environment includes:

  • general controls implemented at the application level (i.e., security management, access controls, configuration management, segregation of duties, and contingency planning);
  • controls over transaction data input, processing, and output as well as master data maintenance; interface controls over the timely, accurate, and complete processing of information between information systems; and
  • controls over the data management systems.

State Administrative Manual (SAM) section 5300.5, states:

"California has adopted the National Institute of Standards and Technology (NIST) Special Publication (SP) 800‑53 as minimum information security control requirements to support implementation and compliance with the Federal Information Processing Standards (FIPS). Each state entity shall use the FIPS and NIST SP 800‑53 in the planning, development, implementation, and maintenance of their information security programs."

SAM section 5305, states:

"Each state entity is responsible for establishing an information security program. The program shall include planning, oversight, and coordination of its information security program activities to effectively manage risk, provide for the protection of information assets, and prevent illegal activity, fraud, waste, and abuse in the use of information assets.

Each state entity shall:

  1. Align the information security program, its activities, and staff with the requirements of this Chapter;
  2. Establish a governance body to direct the development of state entity specific information security plans, policies, standards, and other authoritative documents;
  3. Oversee the creation, maintenance, and enforcement of established information security policies, standards, procedures, and guidelines;
  4. Ensure the state entity’s security policies and procedures are fully documented and state entity staff is aware of, has agreed to comply with, and understands the consequences of failure to comply with policies and procedures;
  5. Identify and integrate or align information security goals and objectives to the state entity’s strategic and tactical plans;
  6. Develop and track information security and privacy risk key performance indicators;
  7. Develop and disseminate security and privacy metrics and risk information to state entity executives and other managers for decision making purposes; and
  8. Coordinate state entity security efforts with local government entities and other branches of government as applicable.”

Recommendations:

The Department of FISCal should do the following:

  • Perform a comprehensive risk assessment to re‑evaluate FI$Cal governance in accordance with SAM, NIST SP 800‑53, financial reporting, and other State and Federal requirements. Results should include, but are not limited to:
    • Updated System Security Plan (SSP), which accurately documents critical policies and procedures associated with the execution and monitoring of controls;
    • Updated policies and procedures which demonstrate management’s controls in place to monitor and prevent risk as designed within the SSP.
  • Generate a project plan for remediation and establish a control environment, which reflects the strategic goals identified as part of the comprehensive risk assessment.
  • Incorporate a process to make consistent progress against open POAMs and to actively pursue remediation of findings which incorporates post‑implementation monitoring.
  • Coordinate and establish validation and verification of controls identified in the SSP.
  • Conduct information, communication, and monitoring activities to promote awareness of updated processes.

Department's View and Corrective Actions:

The Department of FISCal agrees with the findings and is committed to addressing them immediately. The security of the system is our highest priority and we greatly value the State Auditor’s Office (State Auditor) feedback and take the concerns stated in the report seriously. To continuously improve the IT general controls environment, there are yearly independent security assessments and/or audits, updates to the POAMs, and actions taken to implement solutions to remediate findings. To safeguard the system and data, the department emphasizes external threats including emerging threats and operational security and has made consistent progress in closing POAMs. Further, the California Department of Military’s independent security assessment of April 2021 reported that its targeted external attacks were unsuccessful.

During the State Auditor’s audit for fiscal year 2018–19, which concluded after fiscal year 2019–20 closed, the department learned that our risk tolerances are different in some areas than what is expected by the State Auditor. Going forward, the department is enhancing its risk assessment and governance processes, internal controls, policies, procedures and documentation with the same emphasis it has placed on external threats in accordance with these recommendations.





Reference Number: 2020-4

Condition:

As of June 30, 2020, the Franchise Tax Board (FTB) omitted from its financial statements certain income tax revenues of the General Fund, totaling $22 billion. Specifically, FTB did not accrue corporate income taxes or personal income taxes remitted after fiscal year end under a new tax deadline extension. In March 2020, in response to the COVID‑19 pandemic, the Governor issued an executive order granting FTB the authority to extend deadlines for certain tax payments. As a result, amounts normally received by fiscal year end were in need of accrual. This error occurred because FTB did not update its accrual procedures to address this change. As a result, there was a misunderstanding between the various groups within FTB who prepare the financial statements at year‑end, as to who would accrue these payments.

Criteria:

Government Code section 12461 requires the State Controller to issue an annual comprehensive financial report (ACFR) that is prepared in accordance with accounting principles generally accepted in the United States of America (GAAP).

Codification of Governmental Accounting and Financial Reporting Standards section 1600 states that financial statements for governmental funds should be presented using the current financial resources measurement focus and the modified accrual basis of accounting, which requires revenues to be reported when they become available and measurable.

Recommendations:

To ensure that its financial statements are properly presented and comply with GAAP at fiscal year‑end, FTB should do the following:

  • On an annual basis, review and update its existing accrual methodologies to ensure they are up to date and appropriate.
  • Given their complexity, institute a review process over the accrual calculations to ensure they adhere to the established methodology and are free from errors.
  • Provide guidance and training to staff on the requirements of GAAP.

Department's View and Corrective Actions:

FTB agrees with the finding and recommendations. We will annually review our procedures and methodologies to ensure they are up to date and appropriate for any changes affecting the accrual. In addition, we will institute a review process to ensure that the accrual complies with GAAP and provide additional guidance and training to staff on the requirements of GAAP.





Reference Number: 2020-5

Condition:

The Department of Finance (Finance) incorrectly reported activities for fiscal year 2019–20 related to a large, new source of federal funding. Specifically, it initially did not report any expenditures in the State’s Coronavirus Relief Fund (Coronavirus Fund), and when it acted to fix this situation, its adjustments had to be followed by significant correcting entries. If left uncorrected, these errors would have resulted in an understatement of Federal Fund expenditures of $1.5 billion in the State’s Annual Comprehensive Financial Report (ACFR).The State’s ACFR presents a Federal Fund, which includes the Coronavirus Fund and other funds that receive money from the federal government.

In March 2020, the U.S. Congress enacted the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), providing the U.S. Treasury with money to make payments to state and local governments for certain expenditures related to their response to the COVID‑19 pandemic. In May 2020, the U.S. Treasury allocated $9.5 billion to be paid directly to the State of California to use for expenses incurred between March 1, 2020, and December 30, 2020.In late 2020, Congress amended this provision to December 31, 2021. Finance proposed and the Legislature approved allocation of the funds to various state agencies, counties, and cities in June 2020. Finance is the state agency generally responsible for overseeing and managing this money through the State’s Coronavirus Fund, and it developed processes to track the expenditure of $7.7 billion of Coronavirus Fund money allocated to state agencies and $1.8 billion allocated to local governments.

The Coronavirus Fund is a special revenue fund under generally accepted accounting principles (GAAP). For this reason, expenditures as well as revenues related to this federal funding should be recorded in the Coronavirus Fund. By the end of September 2020, Finance had paid local governments nearly $900 million from the fund and told the Legislature that it had identified more than $800 million in state agency expenses to be paid by the fund. These circumstances indicated that Finance would likely need to report some level of expenditures in the fund for the period March 1, 2020 through June 30, 2020. Through March 2021, however, Finance had reported no expenditures for the fund.

Finance subsequently made a GAAP adjusting entry of $1.8 billion to record expenditures related to local governments. This entry, however, overstated Coronavirus Fund expenditures as it amounted to the entire allocation to local governments for the duration of the program, without regard to when they had incurred costs. After we asked for support for the entry, Finance identified that local governments had reported incurring costs for fiscal year 2019–20 totaling only $729 million, so it submitted an entry to decrease expenditures accordingly. Finance also recorded transfers from the Coronavirus Fund for reimbursements it made to the General Fund, instead of expenditures. When we brought this to Finance’s attention, it submitted an adjusting entry that recorded $746 million of expenditures in the Coronavirus Fund and reduced General Fund expenditures by the same amount, appropriately matching federal revenues and expenditures in the Coronavirus Fund. Finance explained that evolving federal guidelines hindered its ability to determine appropriate entries. The noted errors also appear to have occurred because Finance did not adequately address the requirements of GAAP when preparing and reviewing adjusting entries for the Coronavirus Fund.

Criteria:

Codification of Governmental Accounting and Financial Reporting Standards section 1600 states that financial statements for governmental funds should be presented using the current financial resources measurement focus and the modified accrual basis of accounting. Revenues should be recognized in the accounting period in which they become available and measurable. Expenditures should be recognized in the accounting period in which the fund liability is incurred, if measurable.

Government Accounting Standards Board Statement No. 54 section 30 states that special revenue funds are used to account for and report the proceeds of specific revenue sources that are restricted or committed to expenditure for specified purposes other than debt service or capital projects. The State has created the Coronavirus Fund, a special revenue fund, for the deposit of moneys received from the federal government for relief of the effects of the pandemic caused by COVID‑19.

Recommendations:

To ensure that the State complies with financial statement reporting requirements in the future, Finance should do the following:

  • Develop written procedures to ensure that it prepares and adequately reviews entries to report expenditures in accordance with GAAP.
  • Ensure that staff preparing and reviewing financial reports receive adequate guidance and training in GAAP requirements.

Department's View and Corrective Actions:

Finance acknowledges some initial issues with the accounting entries required for the Coronavirus Fund. The determination and timing of the entries were impacted by several iterations of federal guidance, establishing appropriation authority, and clarifying the GAAP requirements for the new fund. The accounting entries were fully resolved prior to the issue of the State’s ACFR.

Finance agrees with the State Auditor’s recommendations and has already implemented additional internal procedures, guidance and training related to GAAP for our 2020–21 financial reporting.





Reference Number: 2020-6

Condition:

In fiscal year 2018–19, we reported that the Department of Parks and Recreation (State Parks) was unable to reconcile its capital asset account balances for buildings and related improvements to a subsidiary inventory ledger, and therefore it could not ensure that it was reporting complete and accurate information in the State’s Annual Comprehensive Financial Report (ACFR). Prior to implementing the Financial Information System for California (FI$Cal) in fiscal year 2017–18, State Parks reported its capital assets based on historical account balances reflected in the California State Accounting and Reporting System (CalSTARS)—the department’s previous accounting system. However, according to its chief of accounting at that time, State Parks does not have a subsidiary ledger listing the buildings and related improvements making up the account balance. During fiscal year 2019–20, State Parks did not implement our recommendations and thus continues to lack such a ledger because it does not have adequate policies and procedures in place to ensure that its records for buildings and related improvements are maintained in compliance with generally accepted accounting principles (GAAP).

In order to establish such a ledger, State Parks engaged its districts in February 2020 to conduct an inventory of these assets; however, the data resulting from this inventory did not comply with GAAP. Specifically, State Parks used records contained in its asset management system (Maximo) as a starting point and instructed district personnel to verify their completeness and accuracy. However, because State Parks does not use Maximo for accounting purposes, the data did not always comply with GAAP. Specifically, assets were not always recorded at historical cost (or acquisition value for donated assets).

Similarly, Maximo data did not contain accurate acquisition dates for a significant number of assets. Because the State depreciates building and related improvements over a period of 40 years, such inaccuracies would cause errors in depreciation calculations. Further, State Parks management at its headquarters office did not provide sufficient guidance to districts on GAAP requirements and did not allow districts sufficient time to gather and correct missing or inaccurate information. As a result, the districts’ inventory listings often did not correct known issues with the Maximo data. Nevertheless, State Parks has still not completed an inventory of its assets. In September 2021, State Parks once again directed its districts to conduct an inventory of its structures, which it expects to complete in March 2022. Based on the level of funding historically made available to State Parks, the issues described above do not currently pose a risk of a material misstatement to the State’s ACFR.

Criteria:

Codification of Governmental Accounting and Financial Reporting Standards section 1400.102 states that capital assets should be reported at historical cost. The cost of a capital asset should include ancillary charges necessary to place the asset into its intended location and condition for use. Ancillary charges include costs that are directly attributable to asset acquisition—such as freight and transportation charges, site preparation costs, and professional fees. Donated capital assets should be reported at their acquisition value plus ancillary charges, if any.

Codification of Governmental Accounting and Financial Reporting Standards section 1400.104 states that capital assets should be depreciated over their estimated useful lives unless they are inexhaustible, are intangible assets with indefinite useful lives, or are infrastructure assets reported using the modified approach.

State Administrative Manual (SAM) section 8650 states that to maintain accountability of state assets, departments are required to maintain a record of state property, whether capitalized or not, in a property accounting or inventory system. When property is acquired, departments will record information in the system including, but not limited to the date acquired, property description, owner fund, and cost.

SAM section 7924 directs departments to reconcile the acquisitions and dispositions of capitalized property with the amounts recorded in the property ledger. The reconciliation should be done monthly or at least quarterly, depending on the volume of transactions.

SAM section 8652 states that departments are to make a physical count of all property and reconcile the count with accounting records at least once every three years.

Recommendations:

To ensure the proper reporting of its buildings and related improvements within its year‑end financial statements, State Parks should take the following action:

  • Develop policies and procedures for capital asset accounting and reporting that comply with GAAP, including but not limited to the following:
    • Define the roles and responsibilities of management and staff involved in the process of accounting for and reporting capital assets.
    • Develop detailed processes that incorporate instructions on how to identify capitalizable versus non‑capitalizable costs, as well as the type of source documentation that should be used to support such costs.
    • Develop detailed processes to account for and report any changes in capital assets, including additions, deductions, and impairments, if any.
  • Conduct a comprehensive inventory that includes the following elements to ensure that its buildings and related improvements are accurately reported in a subsidiary ledger:
    • Developing a sound methodology for identifying and compiling relevant capital asset information, including asset values based on historical cost (or acquisition value for donated assets) and asset acquisition dates.
    • Communicating the methodology to staff and providing guidance on key GAAP requirements related to capital asset reporting.
    • Developing a process to review inventory results to ensure they are accurate and complete.
  • Update building and related improvements records in FI$Cal to reflect the results of the inventory, and ensure that the year‑end financial reports reflect any necessary restatements.
  • Conduct a physical count of all property and reconcile the count with accounting records at least once every three years in accordance with SAM section 8652.

Department's View and Corrective Actions:

State Parks agrees with the findings and stated that it has taken or will take the following actions:

  • Develop a policy for capital asset reporting. State Parks created a draft policy that is currently being reviewed internally.
  • Develop detailed processes that incorporate instructions on how to identify capitalizable versus non‑capitalizable costs, as well as the type of source documentation that should be used to support such costs.
  • Develop detailed processes to account for and report any changes in capital assets, including additions, deductions, and impairments, if any.
  • Identify and compile relevant capital asset information. State Parks also developed a methodology for determining historic values for those assets that do not have available records.
  • Communicate key GAAP requirements to its staff through policies and procedures.
  • Develop a process to review the comprehensive inventory to ensure that the results are accurate.
  • Update FI$Cal accounting records upon completion of the comprehensive inventory.
  • Conduct the required physical count of all property and reconcile with accounting records at least once every three years.