Report 2021-001.1
March 31, 2023

State of California
Internal Control and Compliance Audit Report
for the Fiscal Year Ended June 30, 2021

March 31, 2023
2021-001.1

The Governor of California
President pro Tempore of the Senate
Speaker of the Assembly
State Capitol
Sacramento, California 95814

Dear Governor and Legislative Leaders:

As required by Government Code section 8543 et seq., the California State Auditor’s Office presents its audit report concerning our review of the State of California’s internal controls and compliance with state regulations for the fiscal year ended June 30, 2021.

This report is an integral part of an audit performed in accordance with Government Auditing Standards in considering the State’s internal control and compliance based on our audit of the State’s basic financial statements. We identified eight deficiencies in internal control over financial reporting that we consider to be material weaknesses and two other deficiencies that we consider to be significant. Deficiencies in the State’s internal control system could adversely affect its ability to provide accurate financial information.

Respectfully submitted,

LINUS LI, CPA
Acting Deputy State Auditor







Report on Internal Control Over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance With Government Auditing Standards

Independent Auditor's Report

The Governor and the Legislature of the State of California

We were engaged to audit, in accordance with the auditing standards generally accepted in the United States of America and the standards applicable to financial audits contained in Government Auditing Standards issued by the Comptroller General of the United States, the financial statements of the governmental activities, the business-type activities, the aggregate discretely presented component units, each major fund, and the aggregate remaining fund information of the State of California as of and for the year ended June 30, 2021, and the related notes to the financial statements, which collectively comprise the State of California’s basic financial statements, and have issued our report thereon datedMarch 23, 2023. Our report disclaims an opinion on the Unemployment Programs Fund, and qualifies an opinion on Business-Type Activities, the Federal Fund, and Governmental Activities, for the following reasons.

The Employment Development Department had inadequate internal control over its financial reporting for unemployment benefits. In addition, the department was unable to estimate potentially fraudulent claims. As a result, the department was unable to provide complete and accurate accounting information supporting the financial activity of the State’s unemployment program. The condition of the department’s records did not permit us, nor was it practicable to extend other auditing procedures, to obtain sufficient appropriate audit evidence to conclude that Noncurrent Receivables, Benefits Payable, Unemployment and Disability Insurance, and Distributions to Beneficiaries within the Unemployment Programs Fund are free of material misstatement. As a result of this matter, we were unable to determine whether further audit adjustments to these accounts were necessary. The issues described above also caused a $19.8 billion material misstatement of the Loans Payable account balance.

These issues also affect the Business-Type Activities. Therefore, we were unable to obtain sufficient appropriate audit evidence about the Unemployment Programs Fund balances that represent 72 percent of Noncurrent Receivables, 100 percent of Benefits Payable, 100 percent of Unemployment Programs Expenses, and 100 percent of Unemployment Programs Revenues within Business-Type Activities. Similarly, there is a material misstatement of $19.8 billion in the Loans Payable account balance.

The Employment Development Department’s inadequate internal control over its financial reporting also affected the financial statements of the Federal Fund, which the department uses to report activities related to federally-funded unemployment programs. For this reason, the department was unable to provide complete and accurate accounting information supporting revenues and benefit payments. In addition, the Employment Development Department was unable to estimate potentially fraudulent claims. We were therefore unable to obtain sufficient appropriate audit evidence about these adjustments. Together, these issues affected department balances representing 14 percent of Due From Other Governments, 100 percent of Benefits Payable, 100 percent of Other Liabilities, 48 percent of Intergovernmental Revenues, and 57 percent of Health and Human Services Expenditures within the Federal Fund. As a result of these matters, we were unable to determine whether any adjustments to these accounts were necessary.

Finally, the issues we discuss above pertaining to the Federal Fund also affect the Governmental Activities. Therefore, we were unable to obtain sufficient appropriate audit evidence about the Federal Fund balances that represent 13 percent of Due From Other Governments, 100 percent of Benefits Payable, 90 percent of Other Current Liabilities, 54 percent of Health and Human Services Revenues, and 43 percent of Health and Human Services Expenses within Governmental Activities.

Our report includes a reference to other auditors who audited the financial statements of the following, as described in our report on the State of California’s financial statements:

Government-wide Financial Statements

  • Certain governmental funds that, in the aggregate, represent 1 percent of the assets and deferred outflows, and less than 1 percent of the revenues of the governmental activities.
  • Certain enterprise funds that, in the aggregate, represent 86 percent of the assets and deferred outflows, and 45 percent of the revenues of the business-type activities.
  • The University of California and the California Housing Finance Agency that represent 93 percent of the assets and deferred outflows, and 95 percent of the revenues of the discretely presented component units.

Fund Financial Statements

  • The following major enterprise funds: Electric Power, Water Resources, State Lottery, and California State University.
  • The Golden State Tobacco Securitization Corporation, the Public Building Construction, the Public Employees’ Retirement, the State Teachers’ Retirement, the State Water Pollution Control Revolving, the Safe Drinking Water State Revolving, and the 1943 Veterans Farm and Home Building funds, that represent 88 percent of the assets and deferred outflows, and 67 percent of the additions, revenues, and other financing sources of the aggregate remaining fund information.
  • The discretely presented component units noted above.

This report does not include the results of the other auditors’ testing of internal control over financial reporting or compliance and other matters that are reported on separately by those auditors. The financial statements of the Golden State Tobacco Securitization Corporation, the Public Building Construction Fund, the State Lottery Fund, and the Campus Foundations of the University of California, which represent 14 percent of the university’s total assets and deferred outflows of resources and 3 percent of its revenues, were not audited in accordance with Government Auditing Standards.

Internal Control Over Financial Reporting

In connection with our engagement to audit the financial statements, we considered the State of California’s internal control over financial reporting (internal control) as a basis for designing audit procedures that are appropriate in the circumstances for the purpose of expressing our opinions on the financial statements, but not for the purpose of expressing an opinion on the effectiveness of the State of California’s internal control. Accordingly, we do not express an opinion on the effectiveness of the State of California’s internal control.

Our consideration of internal control was for the limited purpose described in the preceding paragraph and was not designed to identify all deficiencies in internal control that might be material weaknesses or significant deficiencies and therefore, material weaknesses or significant deficiencies may exist that have not been identified. However, as described in the accompanying section entitled Internal Control and Compliance Issues Applicable to the Financial Statements and State Requirements, we did identify certain deficiencies in internal control that we consider to be material weaknesses and significant deficiencies.

A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. A material weakness is a deficiency, or a combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis. We consider the deficiencies described in the accompanying section entitled Internal Control and Compliance Issues Applicable to the Financial Statements and State Requirements as items 2021-1 through 2021-8 to be material weaknesses.

A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. We consider the deficiencies described in the accompanying section entitled Internal Control and Compliance Issues Applicable to the Financial Statements and State Requirements as items 2021-09 and 2021-10 to be significant deficiencies.

Compliance and Other Matters

In connection with our engagement to audit the financial statements of the State of California, we performed tests of its compliance with certain provisions of laws, regulations, contracts, and grant agreements, noncompliance with which could have a direct and material effect on the financial statements. However, providing an opinion on compliance with those provisions was not an objective of our audit, and accordingly, we do not express such an opinion. The results of our tests disclosed instances of noncompliance or other matters that are required to be reported under Government Auditing Standards and that are described in the accompanying section entitled Internal Control and Compliance Issues Applicable to the Financial Statements and State Requirements as item 2021-5. Additionally, if the scope of our work had been sufficient to enable us to express an opinion on the Unemployment Programs Fund, instances of noncompliance or other matters may have been identified and reported herein.

State of California’s Response to Findings

The State of California’s responses to the findings identified in our audit are described in the accompanying section entitled Internal Control and Compliance Issues Applicable to the Financial Statements and State Requirements. The State of California’s responses were not subjected to the auditing procedures applied in the audit of the financial statements and, accordingly, we express no opinion on them.

Purpose of This Report

The purpose of this report is solely to describe the scope of our testing of internal control and compliance and the results of that testing, and not to provide an opinion on the effectiveness of the State of California’s internal control or on compliance. This report is an integral part of an audit performed in accordance with Government Auditing Standards in considering the State of California’s internal control and compliance. Accordingly, this communication is not suitable for any other purpose.

CALIFORNIA STATE AUDITOR

LINUS LI, CPA
Acting Deputy State Auditor

Sacramento, California

March 23, 2023






STATE OF CALIFORNIA
SCHEDULE OF FINDINGS FOR THE FISCAL YEAR ENDED JUNE 30, 2021

Summary of Auditor's Results

Financial Statements

Type of auditor’s report issued Disclaimer of opinion for
Unemployment Programs Fund,
Qualified opinions for
Governmental Activities, Business‑Type Activities,
and Federal Fund, and
Unmodified opinions for all other opinion units
Internal control over financial reporting:
Material weaknesses identified? Yes
Significant deficiencies identified that are not considered to be material weaknesses? Yes
Noncompliance material to financial statements noted? Yes











Reference Number: 2021-1

Condition:

The Employment Development Department (EDD) did not properly estimate potentially fraudulent unemployment benefit payments related to pandemic unemployment insurance (UI) program funding made available by the federal government. In addition, EDD did not adequately reconcile and correctly report the financial activity of its UI program. These conditions resulted in possible material misstatements in its year‑end financial reports and the delayed publication of the State’s Annual Comprehensive Financial Report (ACFR). This improper estimate and inadequate reconciliation also led to the modified opinions we express on the Unemployment Programs Fund, Federal Fund, Business‑Type Activities, and Governmental Activities.

As we noted in our January 2021 report, Significant Weaknesses in EDD's Approach to Fraud Prevention Have Led to Billions of Dollars in Improper Benefit Payments, Report 2020‑628.2, EDD’s approach to preventing fraud within its UI program during fiscal years 2019–20 and 2020–21 had significant internal control weaknesses. For example, EDD has allowed claimants with suspicious addresses to continue collecting benefits and had removed a key control that prevents payments to claimants with unconfirmed identities. EDD also allowed payments for claims filed that included the names of incarcerated individuals. Moreover, errors that EDD made during the estimation process prevented the agency from being able to provide us with a reliable estimate of the amount of potential fraud as of June 30, 2021. For example, EDD’s estimate omitted certain payments to claimants who made false statements to obtain benefits, thereby understating the amount of potential fraud. The estimate also incorrectly included valid claims for benefits, which overstated the amount of potential fraud. As a result, there are possible material misstatements in receivables, liabilities, and expenses within the Unemployment Programs Fund. Moreover, this issue results in possible material misstatements in receivables, liabilities, revenues, and expenditures in the Federal Fund.

For fiscal year 2019–20, we also reported that EDD did not adequately account for the funding it obtained from the federal government to pay for unemployment benefits. In response to the COVID‑19 pandemic, the federal government provided funding to expand eligibility for unemployment benefits and increases to the weekly benefit amounts. Consequently, EDD needed to properly distinguish between the amounts it drew down and spent on these new federal programs versus the amounts it drew down for the regular state‑funded UI program. Although EDD has made progress in this area by performing a reconciliation of the amounts it drew down to other financial records that track payments to UI claimants, it did not reconcile this information to its financial statements.

The State’s cash reserve for its program was eliminated during the last quarter of fiscal year 2019–20, creating the need for EDD to borrow from the federal government to continue making state program payments. Although EDD has now reconciled the amount of money borrowed from the federal government, this activity was not reconciled to its financial statements, resulting in material misstatements in liabilities and other unknown accounts.

Criteria:

Government Code section 12461 requires the State Controller to issue an ACFR that is prepared in accordance with generally accepted accounting principles (GAAP).

Codification of Governmental Accounting and Financial Reporting Standards section 1600 states that the financial statements for proprietary funds should be presented using the economic resources measurement focus and the accrual basis of accounting. The financial statements for governmental funds should be presented using the current financial resources measurement focus and the modified accrual basis of accounting. Revenues should be recognized in the accounting period in which they become available and measurable. Expenditures should be recognized in the accounting period in which the fund liability is incurred.

Codification of Governmental Accounting and Financial Reporting Standards section N50 states that federal funding should only be recognized as receivables and revenue after all applicable eligibility requirements are met.

Recommendations:

To prevent misstatements from recurring, EDD should take the following actions:

  • Revisit its methodology for estimating potentially fraudulent payments to ensure that it includes invalid claims and excludes valid claims. EDD should implement multiple levels of review during each step of the process.
  • Reconcile its draw‑down activity to its financial statements and make the necessary correcting entries to its accounting records, including any prior period restatements, to ensure that it is properly recording and reporting state unemployment program funds, federal unemployment program funds, and state unemployment program borrowing activity.
  • Provide guidance and training to both program and accounting staff on the requirements of GAAP.

Department’s View and Corrective Actions:

EDD agrees with the finding and recommendations. EDD stated that it would continue modifying its methodology for estimating potentially fraudulent payments based on knowledge gained during the past two fiscal years and will implement a validation process to ensure that multiple levels of review are incorporated into the process. Furthermore, EDD explained that it has begun reconciling its draw-down activity, and that once this reconciliation is complete, it plans on recording necessary adjustments to its financial statements. Finally, EDD described its efforts to procure additional training on the requirements of GAAP, which included purchasing a governmental GAAP guide, starting to develop internal training materials, and attending two training events.



Reference Number: 2021-2

Condition:

In prior fiscal years, we reported that numerous departments using the Financial Information System for California (FI$Cal) for financial reporting did not complete bank reconciliations or reconcile their accounts to the State Controller’s Office’s (State Controller) records in a timely manner. Furthermore, many departments submitted late year‑end financial reports to the State Controller, which delayed the publication of the State’s Annual Comprehensive Financial Report (ACFR). We found that although many departments had made progress in performing these reconciliations during fiscal year 2020–21, some still struggle to perform them on time. As a result, departments continued to submit late year‑end financial reports, which delayed the publication of the ACFR. Furthermore, the Department of Health Care Services (DHCS), the California Department of Resources Recycling and Recovery (CalRecycle), and the Employment Development Department (EDD) did not complete their bank reconciliations to FI$Cal before submitting their year‑end financial reports.

In addition to preparing bank reconciliations, departments must reconcile their accounts to the records of the State Controller. There are six departments of material importance to the State’s overall financial reporting that did not perform these monthly reconciliations in a timely manner during fiscal year 2020–21. Both types of reconciliations serve as important internal controls because they enable departments to detect fraud and to identify and resolve errors or omissions in the financial information that is ultimately reported in the State’s ACFR.

Similar to the prior two fiscal years, DHCS did not fully reconcile its banking activity before submitting its fiscal year 2020–21 financial reports to the State Controller. DHCS’s financial management division chief (division chief) stated that its challenges with preparing a timely reconciliation resulted from the need to prioritize the outstanding reconciliations for fiscal years 2018–19 and 2019–20, because they affected the beginning balances for fiscal year 2020–21. She also stated that DHCS encountered other significant challenges, including the departure of key staff and the fact that its procedures for completing bank reconciliations to FI$Cal were still under development. Although DHCS has since completed these procedures and substantially reconciled its bank activity for those three fiscal years, thereby mitigating the risk of a material misstatement to the financial statements, none of these fiscal years is fully reconciled. The division chief said that the department will not be able to resolve the remaining unreconciled banking activity for fiscal years 2018–19 and 2019–20 because of insufficient financial records.

Similar to DHCS, CalRecycle submitted its fiscal year 2020–21 year‑end financial reports to the State Controller before completing its June 2021 bank reconciliation—in this case nearly four months earlier. CalRecycle subsequently submitted revised fiscal year 2020–21 year‑end financial reports, one day after completing its June 2021 bank reconciliation. CalRecycle’s fiscal services branch manager stated that the department made the internal decision to put bank reconciliations on hold and instead prioritize other work, including the department’s transition to the FI$Cal system. She said that CalRecycle also had significant staff turnover in recent years, and that caused the department to fall behind. Although the department stated that it was delayed because of the transition to FI$Cal, CalRecycle also had already transitioned to the FI$Cal system in 2015.

In the prior fiscal year, we recommended that EDD develop a formal process to reconcile its banking activity to the FI$Cal system for two Centralized State Treasury System (CTS) accounts it uses to track payments for unemployment insurance (UI) and disability insurance (DI) benefits. EDD has since developed a formal process and prepared these reconciliations for the prior three fiscal years, covering the period since implementing FI$Cal through June 30, 2021. EDD was able to fully reconcile DI‑related banking activity and substantially reconcile UI‑related banking activity. However, these reconciliations were not prepared in a timely manner, and the UI reconciliations were still in progress at the time EDD submitted financial statements for the unemployment fund and the federal fund to the State Controller. As we reported in the prior fiscal year, EDD was still in the process of implementing the Department of Finance’s (Finance) guidance on reconciling banking activity using information from the FI$Cal system, so it did not start preparing these reconciliations until 2022.

Similar to the prior fiscal year, we found that six departments of material importance to the State’s overall financial reporting did not reconcile their accounts to the records of the State Controller in a timely manner. We identify these departments and the dates they submitted their late year‑end reports in the table below. The departments’ explanations for not performing timely reconciliations include the following:

  • A delay in starting the process of accounting for fiscal year 2020–21 because of the late close of fiscal year 2019–20.
  • Delays caused by the late resolution of FI$Cal system tickets (a request from a FI$Cal user for technical support).
  • The inherent complexity of the FI$Cal system results in tasks taking longer to complete than under the previous accounting system.
  • A lack of adequately trained staff resulting from staff turnover and the need for additional positions to address the concerns referenced above.
Departments That Performed Late Reconciliations
To Accounts Maintained By The State Controller
Date Late Financial Reports Were
Submitted To The State Controller
California Air Resources Board 9/30/2021
California Department of Resources Recycling and Recovery 10/18/2021
California Department of Social Services 11/12/2021
California Department of Forestry and Fire Protection 3/9/2022
State Water Resources Control Board 6/2/2022
Employment Development Department 7/30/2022

Notes: The table reflects only the late submission of financial reports for funds of material importance to the State’s overall financial reporting.

In the prior fiscal year, we recommended that EDD fully reconcile its department records to the State Controller and document supporting evidence for significant reconciling items. During fiscal year 2020–21, EDD addressed this recommendation.

Additionally, the Department of Social Services (Social Services) and the California Department of Education (Education) did not properly reconcile their financial records to the State Controller’s records. As we discuss in finding 2021‑5, the State Controller established certain invalid appropriations, including one pertaining to Social Services and several related to Education. However, neither department detected these errors when reconciling their accounts. As a result, these two departments did not properly execute this key control over appropriations.

Criteria:

Government Code sections 13400 through 13407 state that agency heads are responsible for the establishment and maintenance of systems of internal control and effective and objective ongoing monitoring of the internal controls in their state agencies. This responsibility includes documenting the system, communicating system requirements to employees, ensuring that the system is functioning as prescribed, and making any necessary appropriate modifications for changes in conditions.

State Administrative Manual (SAM) section 7901 requires that departments reconcile their accounts to those accounts maintained by the State Controller to disclose errors as they occur. Departments should analyze differences and make corrections to their accounts or request corrections to the State Controller’s accounts so that information between both systems is complete and accurate. Corrections to errors should be made before financial reports are prepared to ensure the accuracy of a department's financial reports. Reconciliations shall be prepared monthly within 30 days of the preceding month.

SAM section 7923 requires departments to reconcile their bank account balance with the like account maintained in the CTS. Departments must reconcile their general cash, revolving fund cash, and agency trust fund cash accounts with their State Controller’s CTS Account Statement bank balance, adjust for deposits in‑transit, outstanding checks, and other reconciling items. Departments should file the CTS statements and monthly reconciliations in date order.

SAM section 7930 requires that departments submit their year‑end financial reports to the State Controller by August 31 for all funds.

Recommendations:

Departments should perform their monthly bank reconciliations and reconciliations to the accounts maintained by the State Controller in a timely manner, and before submitting timely financial reports to the State Controller.

Departments should identify the underlying cause for any reoccurring FI$Cal support tickets that are hindering monthly reconciliations and inquire with the Department of FISCal about the development of any possible enhancements or changes to established business processes. In the interim, departments should work closely with the Department of FISCal to ensure the timely closure of open tickets.

Departments should look for opportunities to redesign internal business processes that are deterring the timeliness of monthly reconciliations.

Departments with multiple funds should request that the Department of FISCal initiate the year‑end closing process for material funds separately from their other funds.

Departments should be proactive with succession planning to ensure that when key staff leave, the department can still perform reconciliations in a timely manner. This may include the cross‑training of other existing staff positions, requesting funding for additional positions, or exploring the possibility of contracting for additional support.

Departments should work with Finance and the State Controller to obtain any additional training for staff to ensure that they can properly perform monthly reconciliations and do so in a timely manner.

Departments should compare the balances of their appropriations to those of the State Controller when performing their monthly reconciliations and should report any discrepancies they identify to the State Controller.

DHCS should consult with Finance on the proper approach to closing the outstanding bank reconciliations for fiscal years 2018–19 and 2019–20, because DHCS believes that these years cannot be fully reconciled.

EDD should fully reconcile its banking activity to FI$Cal for the CTS account related to the UI benefit payments for fiscal years 2018–19, 2019–20, and 2020–21.

Departments’ Views and Corrective Actions:

All of the departments with the exception of Education stated that they agreed with the findings and recommendations and already have or will institute the necessary corrective actions. In addition, several departments reiterated some of the challenges they experienced with FI$Cal during fiscal year 2020–21. 

Education did not concur with the finding and recommendation. Education believes that it is in compliance with the State’s reconciliation policy. Additionally, Education stated that it had no way to identify that the appropriations in question were invalid because they were created by Finance, and Education does not receive any information from Finance that would allow it to detect errors. Education asserted that it followed the established process created by the State Controller for these appropriations.

Comment:

To provide clarity and perspective, we are commenting on Education’s response to our finding.

We are concerned about Education’s response to our finding because it is responsible for performing its reconciliations in a manner that would allow it to detect and correct errors as they occur, yet it failed to detect multiple errors in its appropriations during fiscal year 2020–21. Education stated that it had not received information that could have allowed it to detect these errors. However, because Education performs the calculation that supports its continuous appropriation, which includes payments to schools that were deferred in the current year, it should have either recognized these duplicate appropriations or inquired with Finance about their purpose.



Reference Number: 2021-3

Condition:

We identified pervasive findings in the overall information technology (IT) general controls and application controls environment of the Financial Information System for California (FI$Cal). Details of these findings are being withheld pursuant to Government Code section 8592.45, which prohibits disclosure of certain information related to the FI$Cal IT infrastructure. Accordingly, and consistent with applicable auditing standards, we decided not to publish these details. Twenty‑five (25) out of fifty‑two (52) control deficiencies have Plans of Action and Milestones (POAMs), which the Department of FISCal (department) had not remediated as of the end of the audit period. Further, the department had not put sufficient compensating controls in place to reduce the impact of these findings on the IT general and application controls environment.

The primary cause of these issues was that the department’s control processes lacked the necessary level of maturity to consistently achieve its objectives. This was due to inadequate documentation, gaps in established processes or a lack of monitoring and feedback mechanisms to identify and implement process improvements in a timely manner.

The deficiencies result in pervasive risks at the entity and system‑level to automated controls and configurations of the FI$Cal system, which impact the ability to rely on FI$Cal data used for financial reporting. Lack of IT general and application controls could compromise the reliability and integrity of financial data and increases the risk of misstatements in the financial reports.

Criteria:

The Financial Audit Manual (FAM) 240 states in relevant part:

“(.12) IS [information system] controls consist of those internal controls that are dependent on information system processing and include general controls, application controls, and user controls. Information system general controls (implemented at the entitywide, system, and application levels) are the structure, policies and procedures that apply to all or a large segment of an entity’s information systems. General controls help ensure the proper operation of information systems by creating the environment for effective operation of application controls. An effective information system general control environment:

  • provides a framework and continuing cycle of activity for managing risk, developing security policies, assigning responsibilities, and monitoring the adequacy of the entity’s computer‑related controls (security management);
  • limits or detects access to computer resources, such as data, programs, equipment, and facilities, thereby protecting them against unauthorized modification, loss, or disclosure (logical and physical access);
  • prevents unauthorized changes to information system resources, such as software programs and hardware configurations, and provides reasonable assurance that systems are configured and operating securely and as intended (configuration management);
  • includes policies, procedures, and an organizational structure to manage who can control key aspects of computer‑related operations (segregation of duties); and
  • protects critical and sensitive data, and provides for critical operations to continue without disruption or be promptly resumed when unexpected events occur (contingency planning).

(.13) Application controls, sometimes referred to as business process controls, are those controls incorporated directly into information systems to help ensure the validity, completeness, accuracy, and confidentiality of transactions and data during information system processing. An effective application control environment includes:

  • general controls implemented at the application level (i.e., security management, access controls, configuration management, segregation of duties, and contingency planning);
  • controls over transaction data input, processing, and output as well as master data maintenance; interface controls over the timely, accurate, and complete processing of information between information systems; and
  • controls over the data management systems.”

State Administrative Manual (SAM), section 5300.5, states:

“California has adopted the National Institute of Standards and Technology (NIST) Special Publication (SP) 800‑53 as minimum information security control requirements to support implementation and compliance with the Federal Information Processing Standards (FIPS). Each state entity shall use the FIPS and NIST SP 800‑53 in the planning, development, implementation, and maintenance of their information security programs.”

SAM section 5305, Information Security Program states:

“Each state entity is responsible for establishing an information security program. The program shall include planning, oversight, and coordination of its information security program activities to effectively manage risk, provide for the protection of information assets, and prevent illegal activity, fraud, waste, and abuse in the use of information assets.

Each state entity shall:

  1. Align the information security program, its activities, and staff with the requirements of this Chapter;
  2. Establish a governance body to direct the development of state entity specific information security plans, policies, standards, and other authoritative documents;
  3. Oversee the creation, maintenance, and enforcement of established information security policies, standards, procedures, and guidelines;
  4. Ensure the state entity’s security policies and procedures are fully documented and state entity staff is aware of, has agreed to comply with, and understands the consequences of failure to comply with policies and procedures;
  5. Identify and integrate or align information security goals and objectives to the state entity’s strategic and tactical plans;
  6. Develop and track information security and privacy risk key performance indicators;
  7. Develop and disseminate security and privacy metrics and risk information to state entity executives and other managers for decision making purposes; and
  8. Coordinate state entity security efforts with local government entities and other branches of government as applicable.”

Recommendations:

The department should take the following actions:

  • Perform a comprehensive risk assessment to re‑evaluate FI$Cal governance in accordance with SAM, NIST SP 800‑53, FIPS, financial reporting, and other state and federal requirements. Results should include, but are not limited to:
    • Updated System Security Plan (SSP), which accurately documents critical policies and procedures associated with the execution and monitoring of controls;
    • Updated policies and procedures, which demonstrate management’s controls in place to monitor and prevent risk as designed within the SSP.
  • Generate a project plan for remediation and establish a control environment that reflects the strategic goals it identified as part of its comprehensive risk assessment.
  • Incorporate a process to make consistent progress against open POAMs and to actively pursue remediation of findings that incorporates post‑implementation monitoring.
  • Coordinate and establish validation and verification of controls it identified in the SSP.
  • Conduct information, communication, and monitoring activities to promote awareness of updated processes.

Department’s View and Corrective Actions:

The department agrees with the findings and is committed to addressing them. The security of the system is our highest priority and we greatly value the State Auditor’s Office (State Auditor) feedback and take the concerns stated in the report seriously.

To safeguard the system and data, the department is vigilant against external threats including emerging threats and operational security and has made consistent progress in closing POAMs. Starting with the State Auditor audit for fiscal year 2018–19, the department enhanced our risk assessment and governance processes, internal controls, policies, procedures and documentation with the same emphasis that we had placed on external threats.

This emphasis on both external threats and internal control process improvements continues during the State Auditor’s audit for fiscal year 2020–21, which concluded in March 2023. The State Auditor’s focus on internal controls and compliance for the 2020-21 audit indicated that the department’s continued emphasis on internal controls and compliance is well placed. Going forward, the department will align our documentation review/update processes, record retention, and internal control reviews to further improve our maturity in implementing the state policies/standards. The department has made several improvements to our documentation review/update processes and established an Internal Controls and Compliance Section to facilitate further improvements to these processes and meet the compliance requirements.



Reference Number: 2021-4

Condition:

The State Controller’s Office (State Controller) did not sufficiently detect and prevent errors that could have caused material misstatements in the State’s Annual Comprehensive Financial Report (ACFR). For example, the State Controller posted numerous inaccurate adjusting entries to the State’s accounting records for financial activity pertaining to fiscal year 2020–21, which indicates that it has an insufficient internal review process to identify and correct material errors. We found multiple instances of misstatements to accounts that should have prompted the State Controller to question the potential for errors, including erroneous journal entries for accounts with no history of similar transactions.

Among such erroneous journal entries, the State Controller recorded $3.1 billion of escheat revenues for the Transportation Fund, which by its nature does not receive this type of revenue. The entry resulted in an overstatement in the Transportation Fund’s revenues. The State Controller subsequently reversed the entry after we questioned its accuracy and requested supporting evidence.

The State Controller also posted incorrect entries that misstated education expenditures for the general fund. For example, it duplicated a reversal of one of its regular entries, which overstated general fund education expenditures by $1.7 billion. It also made a similar unrelated error that understated general fund expenditures by $250 million. The State Controller subsequently corrected these errors based on our feedback.

The State Controller also erroneously double counted $1.8 billion of state revenues by not eliminating amounts recorded in an intermediary fund. This intermediary fund serves as a depository for retail sales taxes and related fees, penalties, and interest collections, which are ultimately distributed to other funds and local agencies. Although the State Controller recorded the amounts owed to the local funds, it did not remove the same amounts owed within the intermediary fund to avoid double counting them. The State Controller subsequently corrected this entry in response to our inquiry.

We noted many other errors that the State Controller made that resulted in it subsequently needing to post billions of dollars in correcting entries in numerous funds.

Criteria:

Government Code section 12460 requires the State Controller to annually issue two financial reports that each adhere to different accounting principles. The first report—the State’s Budgetary/Legal Basis Annual Report—conforms to the Governor’s Budget and follows budgetary basis principles. That report is used to develop the second report—the ACFR—that conforms to generally accepted accounting principles (GAAP). In instances when the budgetary basis rules differ from those of GAAP, the State Controller or applicable department must prepare accounting entries to adjust the financial statements to comply with GAAP. For instance, if the budgetary basis rules require the recognition of revenues or expenditures on a cash basis, adjusting entries are needed to accrue certain transactions under GAAP. To prepare its financial report, the State Controller annually requests departments to submit GAAP‑adjusting entries for the funds they manage. In certain instances, the State Controller prepares additional adjusting entries to ensure that the department’s entries are in compliance with GAAP.

The State Controller has established desk procedures to guide its staff in preparing the ACFR. The State Controller is also responsible for designing, implementing, and maintaining processes relevant to the preparation and fair presentation of financial statements that are free from material misstatements, whether due to fraud or error.

Recommendations:

To ensure that the ACFR is properly presented at fiscal year‑end, the State Controller should take the following actions:

  • Develop a more formal process for reviewing and approving entries before posting them into its GAAP accounting system.
  • Develop a process to review financial statements after entries are posted to ensure the accuracy of account balances.
  • Develop a process to evaluate its desk procedures annually and update them as necessary.
  • Develop and implement proper controls to thoroughly evaluate the effectiveness of any newly developed procedures.
  • Provide guidance and training to staff to ensure that they understand key accounting concepts and the purpose of the tasks they perform.

Department’s View and Corrective Actions:

The State Controller believes that its internal control framework is sufficiently designed to detect and prevent errors in the State’s financial statements but agrees that assessment and enhancement of this framework is necessary on an ongoing basis in order to maintain the effectiveness of controls. The State Controller acknowledged the errors we identified, but it indicated that certain errors do not reflect deficiencies in internal control procedures because they pertained to unique transactions surrounding state departments’ administration of COVID-19 funding and the implementation of business processes related to newly created state funds.

The State Controller noted a significant increase in the volume of accounting journal entries since the State’s transition to FI$Cal, including an unusual number of GAAP journal entry revisions from departments. The State Controller asserts that its current staffing levels appear to be inadequate to accurately and sustainably handle this increased volume of transactions. The State Controller also acknowledges that its existing desk procedure and departmental reporting processes may require further development to address the increase in annual journal entry submissions and revisions. In addition, the State Controller intends to improve its internal control mechanisms and take corrective action to improve internal controls over departments’ GAAP journal entry submissions.

The State Controller also stated that it experienced a significant annual increase in the volume of non-standard entries, such as transactions stemming from new state financial arrangements, new state funds, and new GASB reporting requirements. The State Controller indicated that the complexity of these transactions has demanded more time and attention from its most experienced staff, who are also responsible for reviewing staff journal entries and performing monitoring activities for accuracy of transactions entered into its financial reporting system. The State Controller intends to take corrective action to ensure that it adheres to a comprehensive and routine method to monitor the budgetary accounting system. The State Controller also intends to identify training opportunities for staff, supervisors, and managers related to this complex accounting work.

Comment:

To provide clarity and perspective, we are commenting on the State Controller’s response to our finding.

We disagree with the State Controller’s position that some of the errors do not represent a deficiency of internal controls. These errors involved circumstances, such as the creation of new funds and the implementation of new standards, which are essential components of a standard internal control process. The State Controller, in its role as the preparer of the State’s financial statements, has the primary duty to adapt to these changes, not only as the State’s GAAP expert but also because of its responsibility to design, implement, and maintain processes relevant to the preparation and fair presentation of financial statements that are free from material misstatements, whether because of fraud or errors.





Reference Number: 2021-5

Condition:

The State Controller’s Office (State Controller) did not adequately ensure that the appropriations it recorded in the State’s accounting system reflected state departments’ legal spending authority during fiscal year 2020–21. The State Controller is responsible for maintaining an accurate record of all state accounts and appropriations. However, we identified a number of budget appropriations available to departments for spending during this period that were duplicates in the State’s accounting system. These duplicate entries resulted in misstatements in the State’s financial statements that required correction and created situations in which departments could have spent state resources unlawfully.

For example, in two instances totaling $12.9 billion, the State Controller posted spending authority and accrued expenditures for the California Department of Education (Education) that duplicated Education’s existing spending authority related to minimum guaranteed funding. State law authorizes spending for minimum funding obligations for schools through a continuous appropriation. In a particular year, the Legislature may choose to defer some of those obligations to a later year, but the deferral does not change the amount the State owes to schools. However, in fiscal year 2020–21, the State Controller recorded appropriations in the State’s accounting system based on legislation outlining the amount and timing of deferred payments despite having already recognized and recorded in the accounting system the same spending authority through the continuous appropriation.

After identifying the legislation that mandated the deferred payments, State Controller staff consulted with and received direction from the Department of Finance (Finance) on the coding to use to record appropriations for the payments. Nevertheless, the State Controller is ultimately responsible for accurately posting appropriations to the State’s accounting system, including avoiding duplicative entries. The State Controller did not reverse the corresponding erroneous expenditure accruals, which affected fiscal year 2020–21 financial reporting, until August 2022, September 2022, and January 2023. Moreover, the invalid appropriations continued to be outstanding in the State’s accounting system until February 2023, although we confirmed that Education did not charge any expenditures to them.

In another instance, the State Controller posted an increase in an appropriation for the Department of Social Services (Social Services) twice. In February 2021, legislation amended the 2020 Budget Act, increasing an appropriation for Social Services by $750 million. This legislation prompted the State Controller to enter the increased spending authority into the State’s accounting system. In April 2021, legislation was approved that affected another aspect of the same section of the budget act but did not change the amount of the appropriation. The chief of the State Controller’s State Accounting and Reporting Division stated that an analyst reviewing the April 2021 legislation mistakenly believed that the office had missed the $750 million increased appropriation from the February 2021 legislation, and therefore the analyst entered the amount again. Two other State Controller staff reviewed and approved the erroneous entry.

The chief of Social Services’ Accounting and Reporting Bureau stated that the department was unaware of the duplicate budget authority until we inquired about unspent appropriations. It then notified the State Controller, which corrected the error in June 2022. Social Services did not charge any expenditures using the erroneous appropriation.

Criteria:

Government Code section 12412 requires the State Controller to keep a record of all state accounts and the undisbursed balance of each specific appropriation.

State Administrative Manual section 7320 specifies that the State Controller is responsible for maintaining central control accounts for all funds in the State Treasury, including appropriation accounts that show the undisbursed balance of each appropriation.

Recommendations:

To ensure that it properly reports state departments’ budget authority in the State’s accounting system, the State Controller should take the following actions:

  • Revise its policies and procedures explaining the circumstances under which legislation results in a change in budget authority and describing how staff should record and adjust appropriations in the State’s accounting system.
  • Ensure that staff follow these policies and procedures, in part by establishing adequate levels of management review.
  • Verify that any changes to appropriations that it posts in the State’s accounting system reflect actual budget authority.

Department’s View and Corrective Actions:

The State Controller agreed with our recommendations and stated that it was working to revise its policies and procedures and provide training to its staff. It also noted the complex nature of appropriations related to minimum funding obligations for schools and indicated it would request that Finance certify the information it provides to the State Controller regarding such appropriations. The State Controller believes that a certification process will help avoid duplicated appropriations.





Reference Number: 2021-6

Condition:

The California Department of Education (Education) overstated its expenditures and related revenues in the Federal Fund by $16 billion, which was primarily related to a federal grant made available under the American Rescue Plan Act of 2021. Specifically, Education made payments during fiscal year 2020–21 to various local educational agencies (LEAs) participating in the Elementary and Secondary School Emergency Relief program. This program provides LEAs with emergency relief funding to address the effects of COVID‑19 on elementary and secondary schools. In compliance with federal requirements, LEAs incur actual costs allowable under the program, which they report to Education. When calculating the amount owed at fiscal year‑end, Education accrued the program’s total remaining budget authority rather than the actual costs incurred by the LEAs. This error occurred because Education lacked formal procedures for its fiscal year‑end accrual process, and staff preparing the financial statements did not sufficiently understand the generally accepted accounting principles (GAAP) rules governing the recording of grants.

Criteria:

Codification of Governmental Accounting and Financial Reporting Standards section N50 states that for non‑exchange transactions, recipients should recognize revenues, and providers should recognize expenditures, when all applicable eligibility requirements are met. This includes incurring an allowable cost under an expenditure‑driven grant.

Recommendations:

To ensure that its financial statements are not materially misstated in the future, Education should do the following:

  • Develop written procedures to ensure that it prepares and adequately reviews entries to report expenditures in accordance with GAAP.
  • Ensure that the staff preparing and reviewing financial reports receive adequate guidance and training on GAAP requirements.

Department’s View and Corrective Actions:

Education agrees with the finding and recommendations. Education will strengthen its existing process by developing written procedures for year-end accruals of non-encumbered funds and adjustments in accordance with GAAP. Specifically, the procedures will: (1) clearly define the steps required to prepare and review expenditure entries for reporting; (2) identify and define the roles and responsibilities of each team member involved in the process; (3) identify the specific GAAP standards, such as GASB 33, that apply to Education’s expenditure entry and reporting process; and (4) annually review the State Controller’s Office GAAP instructions posted on its web site to ensure Education’s procedures remain aligned and up to date with them. Education will also strengthen its existing processes by adding GAAP training into its year-end work plan, thus ensuring staff responsible for preparing and reviewing financial reports are appropriately trained and adequately understand GAAP requirements.





Reference Number: 2021-7

Condition:

The Department of Finance (Finance) initially recorded $12.5 billion in advance revenues in the Federal Fund and expenditures in the General Fund pertaining to the spending of revenue replacement funds provided by the federal government under the American Rescue Plan Act of 2021 (ARPA). ARPA granted funds to compensate for the loss of revenue resulting from the COVID‑19 public health emergency and allowed the State to use those funds to provide government services. The ARPA funding presented unique challenges, because the federal government made the funding available up front to pay for allowable expenditures. Furthermore, the U.S. Treasury released its final rule in January 2022, which it issued ten months after ARPA was signed into law in March 2021. That timing added to the complexity of accounting for these awards because Finance lacked clarity about the revenue replacement funds until well after the end of fiscal year 2020–21. Although Finance chose to use some of these funds to cover payments owed to schools for fiscal year 2020–21 that were deferred until the next fiscal year, it did not recognize these expenditures and related revenues in its financial reports until receiving clarification of the recognition options from the Governmental Accounting Standards Board (GASB) in March 2023, in response to our inquiry.

Criteria:

Codification of Governmental Accounting and Financial Reporting Standards section N50 states that for non‑exchange transactions, recipients should recognize revenues and providers should recognize expenditures when all applicable eligibility requirements are met. This accounting recognition includes incurring an allowable cost under an expenditure‑driven grant.

Recommendations:

To ensure that its financial reports are properly presented and comply with generally accepted accounting principles (GAAP) at fiscal year‑end, Finance should do the following:

  • Provide guidance and training to its staff on the requirements of GAAP including the reporting of non‑exchange transactions.
  • Seek additional guidance from GASB as needed.

Department’s View and Corrective Actions:

Finance agrees with the finding and recommendations and will continue to provide internal guidance and training to its staff on updates to GAAP.



Reference Number: 2021-8

Condition:

As of June 30, 2021, the Franchise Tax Board (FTB) understated personal income tax revenues by $4.2 billion and grant‑related expenditures by $2.9 billion in the general fund. In response to the COVID-19 pandemic, the Legislature passed the Golden State Stimulus trailer bill in February 2021, thereby requiring the State Controller’s Office (State Controller) to issue one‑time stimulus payments to qualified recipients. FTB incorrectly reported these grant payments totaling $2.9 billion as a reduction to personal income tax revenues, rather than as an expenditure of the general fund. Although FTB updated its initial estimated accruals for personal income tax revenues, it did not report all of the updated accruals to the State Controller, resulting in an understatement of $1.3 billion in revenues to the general fund.

FTB also understated corporation tax revenues by $6.4 billion in the general fund. Specifically, the new Small Business Relief Act allows certain pass‑through entities, such as partnerships, to be taxed at the entity level. Qualified taxpayers are then eligible to claim nonrefundable credits for the amount paid on their personal income tax returns. However, FTB did not accrue this new tax on pass‑through entities totaling $7.4 billion. Additionally, FTB overstated revenues in the general fund by recording an accrual duplicating $788 million in corporate estimated tax payments. Similar to the accruals for personal income taxes, FTB did not report all updated corporation tax accruals to the State Controller, resulting in an overstatement of $176 million in revenues to the general fund.

These errors occurred because FTB did not update its accrual methodologies to reflect changes in legislation, as we recommended in the prior fiscal year. Furthermore, FTB did not perform a thorough review of its accruals and resulting accounting entries, as we also recommended in the prior fiscal year. Finally, program staff preparing the accruals and the accounting department that is responsible for certain financial reporting do not have a sufficient understanding of generally accepted accounting principles (GAAP) governing non‑exchange transactions.

Criteria:

Government Code section 12461 requires the State Controller to issue an annual comprehensive financial report (ACFR) that is prepared in accordance with GAAP.

Codification of Governmental Accounting and Financial Reporting Standards section 1600 states that financial statements for governmental funds should be presented using the current financial resources measurement focus and the modified accrual basis of accounting, which requires revenues to be reported when they become available and measurable.

Codification of Governmental Accounting and Financial Reporting Standards section N50 Non‑Exchange Transactions paragraph 113 states that governments should recognize revenues from derived tax revenue transactions, net of estimated refunds. Paragraph 118 states that government providers of resources should recognize liabilities (or a decrease in assets) and expenses from voluntary non‑exchange transactions, when all applicable eligibility requirements, including time requirements, are met.

Recommendations:

To ensure that its financial statements are properly presented at fiscal year‑end and comply with GAAP, FTB should do the following:

  • Annually review and update its existing accrual methodologies to ensure that they are up to date and appropriate.
  • Institute a robust review process of the accrual calculations to ensure that they follow the established methodology and are free from errors.
  • Provide guidance and training to both program and accounting staff on the requirements of GAAP.
  • Improve the internal communications between program and accounting staff so that both groups have a thorough understanding of the accruals.

Department’s View and Corrective Actions:

FTB agrees with the finding and recommendations. FTB stated that it has incorporated an annual review of accrual methodologies into its procedures, and it plans to enhance the review process over the accrual calculations to ensure that they follow the established methodology and are free from errors. FTB also plans to provide additional guidance and training on the requirements of GAAP to its program and accounting staff. Finally, FTB stated that the Economic and Statistical Research Bureau would continue to collaborate with the Accounting Section to ensure that both groups have a thorough understanding of the accruals.



Reference Number: 2021-9

Condition:

The California Department of Public Health (CDPH) made significant errors in its year‑end accruals for two funds. As a result, the financial statements submitted by the department had misstatements that required correction. These errors occurred because of insufficient policies and procedures.

In its general fund, CDPH understated its accounts payable balance by $194.6 million. For one of its appropriations related to the COVID‑19 response, CDPH accounting staff relied on its program staff to identify which fiscal year an invoice belonged. This method resulted in invoices received after fiscal year‑end, for services provided prior to fiscal year end, being omitted from the fiscal year 2020–21 accruals. When we brought this issue to CDPH’s attention, it made correcting entries.

For its AIDS Drug Assistance Program (ADAP) Rebate Fund, CDPH incorrectly calculated its accounts receivable accrual, resulting in an overstatement of $213 million. Each quarter, CDPH invoices drug manufacturers for rebates on drugs purchased through the ADAP. Drug manufacturers calculate the rebate owed in accordance with its contracted price per unit and submit payment to CDPH. In preparing its accrual, CDPH accounting staff mistakenly included rebates already received on a cash basis. Although not material to its financial statements, this error remains uncorrected.

Criteria:

State Administrative Manual section 8291 requires departments to record accruals accurately and in a timely manner as part of an effective system of internal controls.

Recommendation:

CDPH should develop clear policies and procedures for how staff should prepare year‑end accruals and train its staff on how to follow such policies.

Department’s View and Corrective Actions:

CDPH agreed with our findings and recommendation. It stated that it has made updates to its procedures to prevent the miscalculation of accruals and has provided training to its staff. It also stated that it will be working closely with its program staff to ensure that it obtains accurate information needed to complete its year-end accruals.





Reference Number: 2021-10

Condition:

For fiscal year 2019–20, we reported that the Department of Parks and Recreation (State Parks) continued to be unable to reconcile its capital asset account balances for buildings and related improvements to a subsidiary inventory ledger and thus could not ensure that it was reporting complete and accurate information in the State’s annual comprehensive financial report (ACFR). During fiscal year 2020–21, State Parks still lacked an accurate and complete subsidiary ledger because it did not have policies and procedures to ensure that it maintains its records for buildings and related improvements in compliance with generally accepted accounting principles (GAAP). For fiscal year 2020–21, State Parks reported the same balances for all of its capital assets as it reported for fiscal year 2017–18. Nevertheless, based on the level of funding historically made available to State Parks, these issues do not currently pose a risk of a material misstatement to the State’s ACFR.

Since September 2021, State Parks has developed and communicated to staff various policies and procedures related to its capital assets. For example, it now has a section in its administrative manual that establishes procedures to ensure accurate and complete records of asset acquisition, control, and disposition. The manual also defines the capitalization criteria that State Parks staff should use when recording assets. Additionally, State Parks has developed and communicated instructions for conducting inventory counts and valuing assets. However, these policies and procedures do not include a methodology for determining the estimated historical cost of its roads and trails.

Although State Parks had made progress as of February 2023 in implementing some of the recommendations we made in prior years, it still had not yet completed a comprehensive inventory or updated its accounting records in the Financial Information System for California (FI$Cal). According to State Parks’ FI$Cal and special projects manager, State Parks began the process of conducting a statewide inventory of its assets in December 2021 by working to compile its asset information. She stated that State Parks provided the compiled asset information to its districts in December 2022 and established a deadline of May 1, 2023, for the districts to review the information and submit any needed corrections. She also said that the accounting and business management services divisions plan to complete a review of the districts’ inventory results by June 2023.

Until State Parks fully addresses these recommendations, it will continue to be unable to ensure the accuracy and completeness of the capital assets it reports for inclusion in the State’s ACFR.

Criteria:

Codification of Governmental Accounting and Financial Reporting Standards section 1400.102 states that capital assets should be reported at historical cost. The cost of a capital asset should include ancillary charges necessary to place the asset into its intended location and condition for use. Ancillary charges include costs that are directly attributable to asset acquisition, such as freight and transportation charges, site preparation costs, and professional fees. Donated capital assets should be reported at their acquisition value plus ancillary charges, if any.

Codification of Governmental Accounting and Financial Reporting Standards section 1400.104 states that capital assets should be depreciated over their estimated useful lives unless they are inexhaustible, are intangible assets with indefinite useful lives, or are infrastructure assets reported using the modified approach.

State Administrative Manual (SAM) section 8650.1 states that to maintain accountability of capital assets, departments are required to maintain a record of all property, whether capitalized or not, in a property accounting or inventory system.

SAM section 8650.2 states when capital assets are acquired, departments will record certain information in their systems, including the date acquired, property description, owner fund, and historical cost or other basis of valuation.

SAM section 7924 directs departments to reconcile acquisitions and dispositions of capitalized assets and property with the amounts they have recorded in their property register. The reconciliation should be done monthly or at least quarterly, depending on the volume of transactions.

SAM section 8652 states that departments are to make a physical count of all property and reconcile the count with their accounting records at least once every three years.

Recommendations:

To ensure that it properly reports its capital assets in its year‑end financial statements, State Parks should take the following actions:

  • Develop and communicate to staff a sound methodology for identifying and compiling relevant information about roads and trails, including asset values based on historical cost (or acquisition value for donated assets) and asset acquisition dates.
  • Conduct a comprehensive inventory of capital assets.
  • Update its subsidiary capital asset records in FI$Cal to reflect the results of the inventory and ensure that its year‑end financial reports reflect any necessary restatements.
  • In accordance with SAM section 8652, conduct a physical count of all property and reconcile the count with its accounting records at least once every three years.

Department's View and Corrective Actions:

State Parks agrees with the findings and stated it will take the following actions:

  • Work with subject matter experts to develop a standard per unit cost for roads and trails.
  • Complete a comprehensive inventory, which is currently underway, with all districts and divisions reviewing FI$Cal capital asset records.
  • Update its FI$Cal capital asset records to reflect any necessary restatements from its comprehensive inventory.
  • Conduct physical property inventories at least once every three years in accordance with SAM Section 8652.



Financial Audit Team for the State of California: Financial Report for the Fiscal Year Ended June 30, 2021, Report 2021-001, and the State of California: Internal Control and Compliance Audit Report for the Fiscal Year Ended June 30, 2021, Report 2021-001.1

Staff:
Theresa Farmer, CPA, Project Manager
Jim Sandberg-Larsen, CPA
Conor Bright, CPA
Nathan Briley, JD, CPA
Angela Dickison, CPA
Natalia Lee, CPA, CFE
Richard Marsh, CPA
Mateo Amaral
Paula Anisco
Lisa Ayrapetyan, CPA
Raj Bhandal
Amanda Chan
Anil Cherukara
Renee Davenport
Brian Dunn, CPA
Eliana Flores, CPA
Matt Gannon
Sarah Hartstrom, CPA
Kim Johnson
Parris Lee
Margaret Lumban-Gaol
Lisa Mironyuk
Vanessa Quintero
Luis Rodriguez
Mike Shorter, CPA
Harjot Singh

Data Analytics:
Brandon Clift, CPA
R. Wade Fry, MPA
Andrew Jun Lee

Legal Counsel:
Joe Porche