Report 2021-601
August 19, 2021

State High-Risk Audit Program
The California State Auditor’s Updated Assessment of Issues and Selected Agencies That Pose a High Risk to the State

August 19, 2021
2021-601

The Governor of California
President pro Tempore of the Senate
Speaker of the Assembly
State Capitol
Sacramento, California 95814

Dear Governor and Legislative Leaders:

As required by Government Code section 8546.5, my office presents this report about statewide issues and state agencies that represent a high risk to the State or its residents. Our work to systematically identify and address such high-risk statewide issues and agencies aims to enhance efficiency and effectiveness by focusing the State’s resources on improving the delivery of services related to important programs or functions.

We describe in this report seven high-risk statewide issues that include aspects of water infrastructure, information security, and state management of COVID‑19 federal funds. We also conclude that five state agencies meet our criteria for posing a high risk: the California Department of Corrections and Rehabilitation, the California Department of Technology, the California Department of Health Care Services, the California Department of Public Health, and the California State Teachers’ Retirement System. Finally, we have removed state oversight of K-12 education funding from our state high-risk list because the State has made sufficient progress toward controlling risk factors.

We will continue to monitor the risks we have identified in this report and the actions the State takes to address them. When the State’s actions result in significant progress toward resolving or mitigating such risks, we will remove the high-risk designation based on our professional judgment.

Respectfully submitted,

ELAINE M. HOWLE, CPA
California State Auditor




Selected Abbreviations Used in This Report

CA-MMIS California Medicaid Management Information System
CalSTRS California State Teachers’ Retirement System
CDCR California Department of Corrections and Rehabilitation
CDT California Department of Technology
CRF Coronavirus Relief Fund
CSU California State University
EDD Employment Development Department
Emergency Services California Governor’s Office of Emergency Services
Finance Department of Finance
FI$Cal Financial Information System for California
Health Care Services Department of Health Care Services
IT information technology
LAO Legislative Analyst’s Office
LCAP Local Control Accountability Plan
LCFF local control funding formula
MHSA Mental Health Services Act
OIG Office of the Inspector General
OPEB other postemployment benefits
PAL Project Approval Lifecycle
Public Health California Department of Public Health
Repair Act Road Repair and Accountability Act of 2017
State Controller State Controller’s Office
Transportation Commission California Transportation Commission
UC University of California
Water Resources Department of Water Resources


Contents

Issue or Agency Responsible Agency Report Section On List Since
Introduction
Retained on High-Risk List
State Management of COVID‑19 Federal Funds Various Agencies The State’s Management of COVID‑19 Federal Funds Has Led to Inefficiency and May Have Resulted in Substantial Fraud 2020
State Financial Reporting and Accountability Department of FI$Cal and Various Agencies The Transition to FI$Cal Continues to Pose a Risk to the State’s Financial Reporting and Accountability 2020
Higher Education—Affordability California State University and University of California Students’ Ability to Afford Higher Education in California Remains a Concern 2013
Information Security California Department of Technology and Various Agencies Weaknesses Persist in the State’s Information Security 2013
Water Infrastructure—Dam Safety and Water Reliability Department of Water Resources and the Governor’s Office of Emergency Services Aging Water Infrastructure Continues to Threaten Public Safety and Water Availability 2013
California State Teachers’ Retirement System—Fully Funding Retirement Benefits California State Teachers’ Retirement System CalSTRS Continues to Risk Being Unable to Fully Fund Retirement Benefits for Teachers 2011
California Department of Corrections and Rehabilitation—Providing Constitutionally Required Medical Care to Inmates California Department of Corrections and Rehabilitation CDCR Has Not Yet Demonstrated That It Can Provide Constitutionally Required Medical Care to Inmates 2007
Department of Health Care Services—Medi‑Cal Eligibility and Oversight of Mental Health Services Act Funds Department of Health Care Services Health Care Services Has Not Adequately Addressed Issues With Medi‑Cal Eligibility or Its Oversight of MHSA Funding and Programs 2007
California Department of Public Health—Safety of Residents in Long‑Term Health Care Facilities California Department of Public Health Public Health Has Not Addressed Certain Concerns That Could Affect the Health and Safety of Patients and the Public 2007
California Department of Technology—Information Technology Oversight California Department of Technology CDT Has Not Yet Demonstrated That It Has Improved Its Oversight of State IT Projects 2007
Other Postemployment Benefits—Fully Funding Retiree Health Care Benefits Department of Finance, California Department of Human Resources, and California Public Employees’ Retirement System The State Continues to Have a Significant Unfunded Retiree Health Care Liability 2007
Transportation Infrastructure—Road Conditions and Funding California Department of Transportation and California Transportation Commission Caltrans Must Sustain Progress in Improving Transportation Infrastructure Amid Limited Funding 2007
Removed From High-Risk List
K-12 Education—Oversight Related to Education Funding State Board of Education and California Department of Education The State Has Implemented Changes to Improve Oversight of Education Funding 2013





Introduction

Background

State law authorizes the California State Auditor (State Auditor) to develop a state high‑risk government agency audit program (high‑risk program). Our office implemented this program to improve the operation of state government by identifying, auditing, and recommending improvements to state agencies and statewide issues at high risk for waste, fraud, abuse, or mismanagement or for having major challenges associated with their economy, efficiency, or effectiveness. In accordance with this statutory authority, the State Auditor adopted regulations in 2016 that further describe the high-risk program. As we outline below, these regulations provide the criteria we used in determining the list of state high‑risk agencies and statewide issues we present in this report.

Criteria for Determining Whether a State Agency or Statewide Issue Merits a High-Risk Designation

State regulations outline the conditions under which an agency or issue may be included on the State Auditor’s high-risk list. All four of the following conditions must be present for us to assign the high-risk designation:

  • The potential waste; fraud; abuse; mismanagement; or impaired economy, efficiency, or effectiveness may result in serious detriment to the State or its residents.
  • The likelihood of waste; fraud; abuse; mismanagement; or impaired economy, efficiency, or effectiveness causing such harm is so great that it constitutes a substantial risk of detriment to the State or its residents.
  • The state agencies that are affected by or responsible for resolving the waste; fraud; abuse; mismanagement; or impaired economy, efficiency, or effectiveness are not taking adequate corrective actions to prevent the risk or its effects.
  • An audit and the agencies’ implementation of the resulting recommendations will significantly reduce the substantial risk of serious detriment to the State or its residents.

For both state agencies and statewide issues, we consider a number of factors in determining whether there is substantial risk to the State or its residents. We consider whether the risks are already causing detriment, whether those risks are increasing, and whether changes in circumstances are likely to cause detriment. We also consider various factors to determine whether the risks will have serious effects, such as loss of life, injury, or a reduction in residents’ overall health or safety; impairment of the delivery of government services; significant reduction in the overall effectiveness or efficiency of state government programs; and impingement of citizens’ rights. Finally, in evaluating whether agencies have taken adequate measures to correct previously identified deficiencies or whether the State has taken measures to reduce the risks posed by the issues, we consider factors such as whether the agencies have demonstrated a strong commitment to controlling or eliminating the risk and whether they have made significant progress through action already taken to control or eliminate the risk to the State. In all cases, our professional staff make the final determination of risk level based on their independent and objective judgment.

Removal of High-Risk Designation

We must remove the high-risk designation under either of the following circumstances:

  • A change in circumstances has resulted in the risk no longer presenting the potential for serious detriment to the State or its residents.
  • The agencies have taken sufficient corrective action to prevent or mitigate the risk of harm.

For example, we evaluate whether the agencies have defined the root causes of the risk and identified and implemented effective measures for eliminating those causes. We also analyze whether the agencies have processes for monitoring and validating the effectiveness and sustainability of corrective actions. When we determine that these actions have resulted in significant progress toward resolving or mitigating the high‑risk issue, we remove the high-risk designation. However, we must continue to monitor the issue. If the risk reoccurs, we will consider reinstating the high-risk designation using the factors described above. State law requires us to base the final determination of whether to remove a high-risk designation on our professional judgment.

State High-Risk Reports

Government Code section 8546.5 authorizes the State Auditor to audit and to publish audit reports on any state agency it identifies as high risk. In May 2007, we issued a report that provided an initial list of high‑risk state agencies and statewide issues, and we have since issued several reports updating the status of those agencies and issues. We published our most recent update to the state high-risk list in January 2020, but later designated the State’s management of federal funds related to COVID‑19 as a high-risk statewide issue in August 2020. Further, we include a list on our website of any audits of high‑risk state agencies and statewide issues that we are performing.

To update our assessment of high‑risk state agencies and statewide issues, we interviewed knowledgeable staff at the responsible state agencies to gain perspective on the extent of the risks the State faces. We also reviewed efforts that the staff at the agencies said were underway and intended to mitigate the identified risks. In addition, we reviewed reports and other documentation relevant to the issues and consulted other state agencies when appropriate.






Updated Assessment of High-Risk Issues and Agencies

The State’s Management of COVID‑19 Federal Funds Has Led to Inefficiency and May Have Resulted in Substantial Fraud

Background

We first designated the State’s management of federal funds related to COVID‑19 (federal COVID‑19 funds) as a high-risk statewide issue in August 2020 (2020-602) based on the significant amount of funding granted to the State, the urgent need for the funding, and the rapid nature of the allocation of this funding to state departments, among other factors. We previously identified 18 state departments that had received or were expected to receive a total of more than $71 billion in federal COVID‑19 funding to operate more than 35 federal programs. Several of these programs will receive or have received an amount of federal funding that exceeds their recent annual expenditures. Other departments expected to receive federal COVID‑19 funding for new programs, which increases the risks for the State, as new programs require departments to quickly establish new management controls. Because a significant amount of the federal COVID‑19 funding was directed at federal programs that provide assistance to individuals who are not working or have low incomes, failure by the departments that implement these programs to engage in adequate outreach efforts could have left Californians without medical care or money to pay for housing and food for themselves and their families. Furthermore, departments have faced significant hurdles in managing federal COVID‑19 funds, such as monitoring subrecipients or vendors, creating a high risk for inefficiencies and waste.

See this issue previously reported at http://auditor.ca.gov/reports/2020-602/index.html.


Area of Concern State Auditor 2021 Assessment Status
The State’s management of COVID‑19 federal funds Mismanagement of federal COVID‑19 funds by various state agencies has created a substantial risk to the State and its residents. Since we first designated the State’s management of federal COVID‑19 funds as a high-risk statewide issue, we performed audits of the Department of Finance (Finance), the Employment Development Department (EDD), and the California Department of Public Health (Public Health) related to these funds. In January 2021, we reported (2020-610)1 that Finance’s allocation of funds from the federal Coronavirus Relief Fund (CRF) had resulted in smaller counties receiving significantly less funding per person than larger counties. Because our review of COVID‑19 case data for all counties showed that the needs of many smaller counties were at least the same, if not greater, than the needs of larger counties, Finance’s inequitable allocation of CRF funds increased the risk that smaller counties’ COVID‑19-related funding needs were unmet.

We also reported in January 2021 (2020-628.2)2 that significant weaknesses in EDD’s approach to fraud prevention had led to billions of dollars in improper unemployment benefit payments. EDD did not take substantive action to bolster its fraud detection efforts for its unemployment insurance program until months into the pandemic, resulting in payments of about $10.4 billion for claims that it has since determined may be fraudulent. Specifically, EDD waited about four months to automate a key antifraud measure, took incomplete action against claims filed from suspicious addresses, and removed a key safeguard against improper payments without fully understanding the significance of the safeguard.

Our April 2021 audit (2020-612)3 of Public Health’s oversight of approximately $467 million in federal COVID‑19 funding found that, although the State met or exceeded targets for testing individuals for COVID‑19, contact tracing throughout the State lagged behind case surges that far exceeded the department’s initial planning. Fewer-than-expected tracing staff and an influx of new cases resulted in only a small fraction of COVID‑19 cases undergoing the full contact-tracing process. Because of the mismanagement of federal COVID‑19 funds by several state agencies, it remains a high-risk statewide issue.

Retained on high-risk list

Agency Comments

In August 2020, when we first designated the State’s management of federal COVID-19 funds as a high-risk statewide issue, our office invited the 18 state agencies we preliminarily identified as responsible for the management of federal COVID-19 funds to provide their perspectives. Most of the 12 agencies that provided responses explained that they did not believe that the management of federal COVID-19 funds was high risk for various reasons, including their existing monitoring, tracking, and reporting mechanisms for federal funds. Specifically, Finance indicated that it believes the State’s management of federal COVID-19 funds does not meet the regulatory criterion of presenting a substantial risk of serious detriment to the State or its residents.

Although we appreciate Finance’s perspective, given that the purpose of federal COVID-19 funds is to help Californians through a life-threatening pandemic that has upended the economy, and because we found cases in which these funds were mismanaged by state agencies, in our professional judgment, the risk of serious detriment is high.





The Transition to FI$Cal Continues to Pose a Risk to the State’s Financial Reporting and Accountability

Background

The accuracy and timeliness of the State’s financial reporting of its more than $200 billion in annual expenditures is of vital importance to the State’s residents and other stakeholders. One of the State’s mechanisms for assuring fiscal oversight and transparency is the financial statements that state agencies produce. The State Controller’s Office (State Controller) combines these statements into a required annual public report (annual financial report) that represents the financial position of the State and, combined with our office’s opinion of its accuracy, is an important tool for stakeholders, such as the State’s creditors, to use when making decisions that affect the State’s ability to borrow money affordably. The State has focused significant effort on modernizing its financial infrastructure through the implementation of a project known as the Financial Information System for California (FI$Cal), a nearly $1 billion information technology (IT) project that is currently under its ninth revision to its scope, schedule, and budget. A steering committee that includes representatives from various state agencies, such as Finance and the State Controller, governs the project, with the Department of FI$Cal (project office) providing day-to-day support for the system. Many of the state entities that have implemented FI$Cal have struggled to submit timely data for the State’s annual financial report, an issue that could ultimately limit the State’s ability to sell bonds without increased borrowing costs.

Because of the complexity of the project and the importance of its success, the State established multiple oversight mechanisms to ensure accountability. Specifically, the California Department of Technology (CDT) provides general oversight of the project, a consultant provides technical oversight, and the State Auditor’s Office issues FI$Cal monitoring reports at least annually that may include recommendations to the project office and CDT. In our January 2020 high-risk assessment (2019-601), we added state financial reporting and accountability as a high-risk issue because the transition to FI$Cal has diminished the State’s financial reporting and accountability and affected the State’s ability to issue timely financial statements, which could lead to increased borrowing costs.

See this issue previously reported in our January 2020 state high‑risk assessment report at http://auditor.ca.gov/reports/2019-601/chapters.html#pg5.


Area of Concern State Auditor 2021 Assessment Status
The State’s ability to produce timely financial reports during the transition to FI$Cal In our January 2021 letter report on FI$Cal monitoring (2020-039)4, we found that state agencies using FI$Cal still struggled to complete required financial reports on time. For the fiscal year 2018–19 reporting cycle, 12 large entities using FI$Cal, including the California Department of Education and EDD, did not submit timely reports to the State Controller because of difficulties with FI$Cal. Consequently, the State released its annual financial report several months late for the second year in a row. A late release of critical financial information increases the risk to the State of a lower credit rating, which could result in increased costs to taxpayers. In addition, we found that the project office has not fully addressed some of our recommendations to ensure that state agencies using FI$Cal produce timely financial reports. Because of the ongoing issues we have identified with the transition to FI$Cal, state financial reporting and accountability continue to pose a high risk to the State. Retained on high-risk list

Agency Comments

The project office issued a response on behalf of both itself and the steering committee, which includes representatives from Finance and the State Controller. The project office provided background information on the project’s recent accomplishments, noting that more than 150 departments use FI$Cal to pay bills and balance budgets on a daily basis. The project office acknowledged that there are challenges that stem from the expansive and complex system and that it is taking steps to address them. It highlighted steps it takes to assist departments with monthly reporting and to mitigate risks to the annual reporting process. The project office generally disagreed with our concern that delays in the release of audited financial reports increases the risk of a lower credit rating. It commented that the State provides additional updates on its financial status beyond just the annual financial report.

However, we stand by our conclusion that multiple years of delayed financial reporting increases the risk to the State of a lower credit rating, which could result in increased costs to taxpayers.





Students’ Ability to Afford Higher Education in California Remains a Concern

Background

As the State’s largest public university systems, which together enroll more than 777,000 students annually, the California State University (CSU) and University of California (UC) are responsible for a significant portion of higher education in California. In 1991 the Legislature declared that the State must commit to making higher education accessible and affordable for all Californians. In our January 2020 high-risk assessment (2019-601), we found that from 1992 to 2017, undergraduate tuition increased by about 340 percent at CSU and 440 percent at UC. We also found that recent data and studies have suggested that affordability continues to be a problem for students.

See this issue previously reported in our January 2020 high-risk assessment at http://auditor.ca.gov/reports/2019-601/chapters.html#pg32.


Area of Concern State Auditor 2021 Assessment Status
Students’ ability to afford higher education Students have experienced increases in the cost of attending public universities, which affects their ability to afford higher education. The total cost of attending a public university (cost of attendance) includes expenses such as tuition, fees, books, housing, food, and transportation. For academic years 2018–19 to 2019–20, the average cost of attendance for full-time undergraduate students who are California residents increased by approximately $1,010 (from $23,260 to $24,270) at CSU and by approximately $900 (from $32,890 to $33,790) at UC. Although tuition has remained flat at CSU and UC over recent years, increases in other costs, such as campus fees, food, and housing, have contributed to the rise in the average cost of attendance. Further, tuition at UC is scheduled to increase beginning in academic year 2022–23 for future students. Meanwhile, for academic years 2018–19 to 2019–20, average financial aid awards (scholarships and grants) for eligible students increased by only about $120 (from $8,510 to $8,630) at CSU and by approximately $230 (from $18,320 to $18,550) at UC.CSU did not have average financial aid award data for California-resident students only, so this figure includes data for both California-resident and nonresident undergraduate students.

Furthermore, students reported that they continue to experience a lack of consistent access to quality food or reduced food intake (food insecurity) as well as difficulties in obtaining adequate and reliable housing. Approximately 40 percent of students at CSU and UC reported experiencing food insecurity, and 11 percent of students at CSU and 4 percent of students at UC experienced homelessness. Additionally, increases in the cost of attendance likely have led students and their parents to take on more debt. Specifically, for academic years 2018–19 through 2019–20, the average annual loan amount for undergraduate education for California resident and nonresident students increased by approximately $190 (from $7,960 to $8,150) at CSU and by about $300 (from $8,860 to $9,160) at UC. Although CSU and UC have taken some steps to improve affordability, such as participating in federal and state financial aid reform efforts and not reducing the amount of system-provided aid they allocated for their students despite cuts in state funding, those actions have not fully addressed or resolved affordability challenges. Because of the increases in the cost of attendance, the level of food and housing insecurity among students, and the increase in average student debt, affordability of higher education continues to pose a high risk to the State.

Retained on high-risk list

Agency Comments

CSU indicated that it is keenly aware of the financial and other challenges faced by its students and that many expenses beyond tuition and fees, such as off-campus housing costs, are outside CSU control and are a hardship faced by many Californians. CSU also indicated that to address these challenges, it has participated actively in efforts to expand state-based grant aid and other federal and state programs to decrease the cost of attendance for students.

UC agrees that college affordability should continue to be a state priority and looks forward to working with state and federal stakeholders to ensure that college is accessible to students from all socioeconomic backgrounds. UC also stated that it will set aside a higher percentage of new revenue derived from the tuition increase for financial aid to generate additional support for its low and middle income students.





Weaknesses Persist in the State’s Information Security

Background

Information security refers to protecting information, information systems, equipment, software, and people from a wide spectrum of threats and risks. State law generally requires state entities within the executive branch that are under the Governor’s direct authority (reporting entities) to comply with the information security practices that the California Department of Technology (CDT) prescribes and to annually report to CDT on their compliance with these practices. However, state law does not apply these requirements to entities that fall outside of the Governor’s direct authority (nonreporting entities), such as constitutional offices and those in the judicial branch.

We first identified information security as a high-risk issue in September 2013 (2013-601)5, when we concluded that CDT was performing limited reviews to assess the security controls that reporting entities had implemented for their information systems. In our August 2015 follow-up report (2015-611)6, we noted that many reporting entities had poor controls over their information systems, placing some of the State’s most sensitive information at risk, and we made nine recommendations to CDT. In our January 2018 state high-risk assessment (2017-601)7, we reported that, although CDT had made some progress toward improving its oversight, reporting entities still had significant room for improvement, and their lack of compliance with the security standards remained a significant risk to the State. By October 2018, CDT had fully implemented all nine recommendations from our 2015 report. However, when we issued our January 2020 state high-risk assessment (2019-601), not enough time had passed since October 2018 to measure whether reporting entities had subsequently improved the security of their information.

See this issue previously reported in our January 2020 state high‑risk assessment report at http://auditor.ca.gov/reports/2019-601/chapters.html#pg25.


Area of Concern State Auditor 2021 Assessment Status
Deficiencies in the State’s information system controls State entities have not demonstrated adequate progress toward addressing deficiencies in their information system controls. Reporting entities continue to struggle with improving their information security status, as evidenced by their performance on a federally sponsored nationwide information security review. For example, reporting entities have self-reported weaknesses in their information security programs since at least 2018, rating themselves on average slightly below the federally recommended minimum level. Further, reporting entities have remained stagnant in their information security development, as the State’s average scores remained nearly unchanged between 2018 and 2020.

Nonreporting entities also need to improve their information security status. Specifically, we surveyed 31 nonreporting entities, and only four reported achieving full compliance with their chosen information security framework and standards. Further, three entities have not even adopted a framework or standards. Consequently, because weaknesses persist in information security controls across all types of state entities, information security remains a high-risk statewide issue.

Retained on high-risk list

Agency Comments

CDT agreed with our conclusion that information security should remain a high-risk statewide issue for the State due to the nature of the ever-expanding worldwide threat landscape and sophistication of threat adversaries as entities keep up and evolve their resiliency to withstand modern cyberattacks. CDT asserts that the federally sponsored nationwide information security review should not be relied upon as a true depiction of security posture because the information is self‑reported.

Although we agree with CDT’s position that objective assessments are necessary to fully measure the security posture, we disagree with their disregard of the self-assessments. CDT states that it expects to see advancement in the state cybersecurity programs in the next two years due to a change in its funding structure. However, each entity typically has an information security officer who is responsible for its cybersecurity program and who has helped prepare its self-assessments, and since that self‑reported information is already available, it should be incorporated into CDT’s evaluations.





Aging Water Infrastructure Continues to Threaten Public Safety and Water Availability

Background

State law vests the Department of Water Resources (Water Resources) with authority over dams within the State’s jurisdiction, which it oversees through its Division of Safety of Dams (Dam Safety Division). The division inspects more than 1,200 dams throughout the State, assigns them condition ratings, and identifies whether they pose a downstream hazard to life or property. Specifically, the Dam Safety Division rates each dam’s condition as Satisfactory, Fair, Poor, or Unsatisfactory, and identifies the downstream hazard it poses as ranging from Low to Extremely High. The dam’s condition rating assesses the dam’s physical condition, while the downstream hazard rating indicates the impact if the dam fails. Following the near failure of the Oroville Dam spillway in 2017, the Legislature amended state law to require that owners of dams with certain levels of downstream hazard develop emergency action plans (emergency plans) to address the potential loss of life and property damage following a dam failure. Each emergency plan must include one or more inundation maps, which illustrate the potential flooding that may result from dam failure. The California Governor’s Office of Emergency Services (Emergency Services) is responsible for approving emergency plans, and the Dam Safety Division is responsible for approving inundation maps. In our January 2020 high-risk assessment (2019‑601), we found that the condition of some of the State’s potentially most hazardous dams remained a concern and that Emergency Services and Water Resources had been slow to ensure the completion of emergency action planning.

In addition to concerns related to dam safety, the State’s ability to maintain reliable access to water remains a critical component of the overall risks to its water infrastructure. California has attempted to address water infrastructure and supply problems for more than a decade. One of its more recent efforts involved Water Resources and other entities developing the California WaterFix Project (WaterFix Project)—the State’s dual‑tunnel project to transfer water from the Sacramento River to California residents. The WaterFix Project was conceived in response to concerns about the environmental impact of transferring water through pumps in the Sacramento–San Joaquin Delta (Delta) and the need to improve the reliability and quality of the water supply. We previously reported in our January 2020 high-risk assessment that the WaterFix Project had experienced significant cost increases and legal challenges. In 2019 the Governor directed state agencies to study an alternative plan. As a result, the State transitioned to a new single-tunnel project called the Delta Conveyance Project. The Delta Conveyance Project is intended to protect and preserve a vital state water supply that is threatened by sea level rise, climate change, and seismic activity. We stated in our January 2020 high‑risk assessment that we would continue to monitor the eventual effect of a one-tunnel project on the State’s water infrastructure.

See this issue previously reported in our January 2020 state high-risk assessment report at http://auditor.ca.gov/reports/2019-601/chapters.html#pg13.


Area of Concern State Auditor 2021 Assessment Status
The State’s ability to ensure dam safety The condition of some of the State’s potentially most hazardous dams and the related emergency planning remains a concern. As of May 2021, the Dam Safety Division indicated that 111 dams in the State have less than a Satisfactory condition rating (that is, there is some level of deficiency and further action may be or is necessary); 89 of those dams have hazard ratings of Significant or above, indicating risk to life or property should the dams fail. Although the Dam Safety Division has made significant progress in the number of inundation maps it has approved since our last report—approving maps for nearly 80 percent of all dams requiring them—more than 100 dams still have not submitted the required inundation maps for review, and almost 90 maps are currently under review.

Further, Emergency Services has not approved the majority of emergency plans, even though state law required many dam owners to submit them more than three years ago. Out of the nearly 900 required emergency plans, Emergency Services had received and reviewed about 400. However, as of July 2021, Emergency Services had approved only 107 emergency plans, or about 12 percent of all dams required to submit them. Emergency Services’ data show that it has had to return many plans to dam owners for revision, which likely has contributed to the delay. As a result, more than 220 dams with downstream hazard ratings of Extremely High—whose emergency plans were due to be submitted January 1, 2018—still do not have an approved emergency plan. An Extremely High hazard rating means a dam’s failure would be expected to cause considerable loss of human life or result in inundation of an area with a population of 1,000 or more people or of critical infrastructure. Until the condition ratings of dams improve and the State substantially completes its approval of emergency plans, water infrastructure in the State will continue to pose a significant risk to the public.

Retained on high-risk list
The State’s ability to ensure the reliability of the existing water supply With the Delta Conveyance Project years away from being completed, we continue to be concerned about the State’s ability to maintain reliable access to water. Water Resources is in the process of completing an environmental review for the Delta Conveyance Project, and it anticipates completing this stage of planning in spring 2023. The project is estimated to cost about $16 billion in total. Similar to the State’s past efforts to address water reliability, the project will likely face challenges related to funding and the timeline for completion. Given that the project is in the nascent planning stages and has not yet provided a solution to the state water supply issue, we will continue to monitor this high-risk statewide issue. Retained on high-risk list

Agency Comments

Emergency Services stated that dam owners submitting late or incomplete emergency plans are a leading cause of its slow completion of emergency action planning, but it asserts that it has met its statutory deadlines. It stated that it takes steps to help dam owners submit complete and timely emergency plans by providing them with guidance and tools, including a template, a review checklist, and an example for completing emergency plans. It emphasized that although the law required owners to have submitted nearly 900 plans as of January 2021, only 262 plans were required as of January 2018.

However, we found that those 262 plans are for dams with downstream hazard ratings of Extremely High, and more than 220 still do not have an approved emergency plan. Because the State has not yet substantially completed its approval of emergency plans, its water infrastructure continues to pose a significant risk to the public.

Water Resources did not issue a written response to the draft report.





CalSTRS Continues to Risk Being Unable to Fully Fund Retirement Benefits for Teachers

Background

The California State Teachers’ Retirement System (CalSTRS) is responsible for providing California’s comprehensive retirement plan for its teachers and other school employees, and it is one of the largest public pension funds in the nation. Its primary retirement plan, the Defined Benefit Program, provides income to its retired members and receives funding from the State, employers such as school districts, and active members. CalSTRS uses the funding it receives to generate investment income, which it uses to help pay retirement benefits. As a pension fund, CalSTRS operates on a long‑time horizon, working to guarantee benefit payments in the future, after its current members retire. According to CalSTRS, the most financially prudent way to provide such benefits is to fund the Defined Benefit Program fully by maintaining sufficient assets to cover all payments the program is obligated to make. Despite this goal, CalSTRS does not have the assets to cover these expected payments—this is CalSTRS’s unfunded liability.

In our January 2020 high-risk assessment (2019-601), we retained CalSTRS as a high-risk agency, in part because of the significant length of time before the State will be able to fully fund its retirement obligations to California’s teachers. As of June 2020, the unfunded liability for employers and the State was roughly $97 billion based on CalSTRS’s audited financial statements. To address this shortfall, CalSTRS is currently implementing a funding plan that it expects will fully fund the program by 2046 through incremental increases in contributions shared among the program’s three contributors: active CalSTRS members, employers, and the State. However, the funding plan relies on CalSTRS’s investments to achieve their expected levels of return over the remaining years of the plan.

See this issue previously reported in our January 2020 state high‑risk assessment report at http://auditor.ca.gov/reports/2019-601/chapters.html#pg53.


Area of Concern State Auditor 2021 Assessment Status
CalSTRS’s ability to adjust contribution rates CalSTRS is at risk of not fulfilling its plan to fully fund its Defined Benefit Program because of its limited ability to adjust contribution rates. As a result of a state law that limits CalSTRS’s ability to modify state and employer contribution rates, CalSTRS will be constrained in its ability to make up for future economic downturns. When investment returns are below expectations, the unfunded liability increases, requiring additional contributions to bridge the gap. The funding plan allows CalSTRS to gradually increase state and employer contributions by fixed percentages of employee compensation. However, in March 2021, the Legislative Analyst’s Office (LAO) reported on CalSTRS’s funding plan and concluded that CalSTRS’s likelihood of successfully eliminating its unfunded liability by 2046 is adversely affected by its limited authority to increase the State’s contribution rates. Accordingly, the LAO recommended that the Legislature allow CalSTRS to increase the State’s rate by more than 0.5 percent annually—the current statutory limit. Under this current limit, CalSTRS risks not being able to achieve full funding. Therefore, CalSTRS remains a high-risk agency for the State. Retained on high-risk list
Investment returns Failure to achieve its projected investment returns over the long term presents a significant risk to CalSTRS’s ability to fully fund the Defined Benefit Program. The financial impact of the COVID‑19 pandemic and the economic slowdown that has occurred as a result is an example of the risk from investment volatility that CalSTRS faces. CalSTRS stated that although large fluctuations in the annual investment returns are normal and expected, those fluctuations can have a significant impact on projected funding levels. Although CalSTRS has reported a higher rate of return than expected on its investments over the past fiscal year and still expects to fully fund the Defined Benefit Program by 2046, the potential volatility of its investment returns makes its ability to do so a continued high risk. Therefore, CalSTRS remains a high-risk agency for the State. Retained on high-risk list

Agency Comments

In general, CalSTRS concurred with our assessment of the risks and status of CalSTRS’s unfunded liability. CalSTRS stated that it will continue to assess and manage the risks associated with fully funding the Defined Benefit Program and provide regular reports, as required.





CDCR Has Not Yet Demonstrated That It Can Provide Constitutionally Required Medical Care to Inmates

Background

The California Department of Corrections and Rehabilitation (CDCR) operates 35 prisons that housed about 96,000 inmates as of April 2021. In 2005 a federal court found that California’s inmate medical care system had violated the U.S. Constitution’s prohibition against cruel and unusual punishment, resulting in significant harm to the State’s inmate population. To remedy problems regarding the constitutionality of the care that CDCR was providing, the court appointed a federal receiver (receiver) to take control of CDCR’s medical care system until CDCR could demonstrate the will, capacity, and leadership to maintain a constitutional system of care. In March 2015, a federal court ordered the receiver to make ongoing determinations about whether to return to CDCR authority over medical care at institutions. Specifically, the court ordered the receiver to consider independent reports for each institution issued by CDCR’s Office of the Inspector General (OIG) and various internal CDCR data when making its decisions. In our January 2020 high‑risk assessment (2019-601), we reported that CDCR had yet to regain authority over the health care at 16 of its 35 institutions.

See this issue previously reported in our January 2020 state high‑risk assessment report at http://auditor.ca.gov/reports/2019-601/chapters.html#pg37.


Area of Concern State Auditor 2021 Assessment Status
CDCR’s ability to provide constitutionally required medical care to inmates The number of CDCR institutions under federal receivership has not changed since our last state high-risk assessment. In our January 2020 high-risk assessment, we reported that 16 of CDCR’s 35 institutions remained in federal receivership. As of June 2021, when the receiver published its most recent report, the same number of institutions were still under federal receivership. Further, CDCR’s OIG has not finished performing its reviews of the health care provided by the 35 prisons for the current cycle, which began in 2019; it had issued reports for nine of the 35 prisons as of June 2021. The receiver must consider these OIG reports on the adequacy of inmate medical care, among many other sources of data, when making a determination as to whether to delegate responsibility back to CDCR. Because the receiver has reported that about 45 percent of CDCR’s institutions are still under federal receivership, we conclude that CDCR has not demonstrated that it has remedied concerns regarding its ability to provide constitutionally required medical care to inmates. Retained on high-risk list

Agency Comments

CDCR indicated that it has reviewed the draft report and did not have any comments.





Health Care Services Has Not Adequately Addressed Issues With Medi‑Cal Eligibility or Its Oversight of MHSA Funding and Programs

Background

The Department of Health Care Services (Health Care Services) is responsible for overseeing the State’s implementation of the federal Medicaid program, known in California as Medi‑Cal. Medi‑Cal provides comprehensive health care services—such as emergency, laboratory, and preventive care—for certain eligible groups, such as low-income individuals and families. Our office previously issued audit reports in October 2018 (2018-603)8 and October 2020 (2019-002)9 that identified discrepancies between state and county Medi‑Cal eligibility systems resulting in at least $4 billion in questionable payments. We also found that Health Care Services had not implemented the controls or processes necessary to identify problems with Medi‑Cal eligibility, such as a process for monitoring county welfare agencies’ progress in addressing eligibility discrepancy alerts.

Further, in 2012 Health Care Services received new oversight responsibilities under the Mental Health Services Act (MHSA), which expanded services and treatment for those who suffer from or are at risk of serious mental illness. We performed an audit related to MHSA in August 2013 (2012-122)10 and identified deficiencies in state oversight of the implementation of MHSA funding, including inadequate data collection from county programs. We also performed an audit in February 2018 (2017-11711) and found that, despite having responsibility for MHSA since 2012, Health Care Services had not developed processes to recover unspent funds from local mental health agencies. As a result, these agencies had amassed hundreds of millions of dollars in unused funds that could otherwise have supported critical mental health services. In our January 2020 high-risk assessment (2019-601), we reported that Health Care Services remained a high-risk agency because it had not corrected discrepancies in its Medi‑Cal eligibility system, nor had it provided adequate oversight regarding the use of MHSA funds.

See this issue previously reported in our January 2020 high-risk assessment at http://auditor.ca.gov/reports/2019-601/chapters.html#pg40.


Area of Concern State Auditor 2021 Assessment Status
Medi‑Cal eligibility Health Care Services has not adequately addressed issues with Medi‑Cal eligibility. The agency began taking some steps to resolve previously identified discrepancies in its Medi‑Cal eligibility system but suspended these efforts in March 2020 due to the COVID‑19 public health emergency. Our July 2021 audit report (2020-613)12 found that the number of eligibility discrepancies has increased since the start of the COVID‑19 pandemic and that Health Care Services is not doing enough to resolve eligibility questions about Medi‑Cal beneficiaries. Retained on high-risk list
Oversight of MHSA funds and programs Health Care Services still has not fully addressed the MHSA oversight deficiencies that we previously identified. It has failed to fully implement recommendations dating back to 2013 regarding the need to implement regulations related to fiscal audits and to improve the quality of MHSA program data. These recommendations are intended to help Health Care Services evaluate the effectiveness of MHSA programs and ensure that counties are spending MHSA funds appropriately. Although Health Care Services indicated that it has made progress on addressing these recommendations, including undertaking efforts to improve data collection from counties, these efforts are incomplete. Specifically, Health Care Services has not made significant progress in conducting fiscal audits of counties’ uses of MHSA funds (MHSA fiscal audits) and has not completed efforts to improve data collection from counties that would allow the State to effectively evaluate the quality of local MHSA programs. Without effective processes for conducting MHSA fiscal audits or collecting complete and accurate data from counties, Health Care Services lacks assurance that counties are spending MHSA funds appropriately and therefore remains a high-risk state agency. Retained on high-risk list

Agency Comments

Health Care Services stated that the current federal mandate requires states to pause negative actions for Medi-Cal beneficiaries who lose eligibility to the program during the public health emergency, which limits its ability to perform regular monitoring activities. Health Care Services also stated that it continued to provide pilot counties with an updated report of alerts on a monthly basis, and it instructed counties to take action on alerts when allowable. Health Care Services indicated that it provided counties with written guidance specifically indicating when the termination of Medi-Cal benefits is appropriate. Finally, Health Care Services stated that it will resume and expand oversight activities after the termination of the public health emergency.

Health Care Services also indicated that it continues to make progress toward addressing our recommendations regarding MHSA oversight deficiencies. Health Care Services stated that the preliminary draft of its MHSA fiscal audit and appeal regulations is currently under review internally. The draft package still requires additional review by other agencies, which Health Care Services indicated it will expedite, to the extent possible. Health Care Services anticipates submitting the public notice announcing the proposed MHSA audit and appeal regulations and the 45-day public comment period by December 2021. Health Care Services also indicated that it continues to make progress toward improving county data collection efforts, including developing online training courses to help counties with entering data and interpreting the data quality reports.





Public Health Has Not Addressed Certain Concerns That Could Affect the Health and Safety of Patients and the Public

Background

Public Health’s stated mission is to advance the health and well‑being of California’s diverse people and communities. The agency is responsible for regulating certain health care facilities, such as hospice and skilled nursing facilities, and for the certification of certain individuals who provide care at those facilities. Public Health is also required to investigate complaints about long‑term health care facilities and about certain individuals who provide care at those facilities. In our January 2020 high‑risk assessment (2019‑601), we reported that Public Health remained a high‑risk agency because it had not implemented a number of our recommendations from past reports. These recommendations are intended to improve Public Health’s complaint processing, ensure that it has adequate staffing levels to allow prompt investigation of complaints, and ensure that it issues timely citations.

See this issue previously reported in our January 2020 high-risk assessment at http://auditor.ca.gov/reports/2019-601/chapters.html#pg44.


Area of Concern State Auditor 2021 Assessment Status
Oversight of long‑term care facilities Public Health has not fully implemented some key recommendations intended to protect patients in health care facilities and to improve its handling of critical complaints and investigations. In our October 2014 audit report on Public Health’s investigations of complaints (2014-111)13, we found that Public Health did not complete investigations of complaints promptly and that it had not completed staffing analyses to determine how many staff it needs to promptly investigate complaints. As of October 2020, Public Health had not implemented some key recommendations from our October 2014 report related to improving complaint processing and ensuring adequate staffing levels, including one recommendation it said it will not implement. Public Health provided figures that showed the average age of pending investigations nearly doubled between January 2019 and March 2020. By December 2020, after the Centers for Medicare and Medicaid Services suspended nonemergency inspections beginning in March 2020 due to the COVID‑19 public health emergency, the average age of pending investigations had increased by an additional 75 percent.

In addition, in our May 2018 audit report on the quality of care in skilled nursing facilities (2017-109)14, we identified an additional area of concern related to Public Health’s failure to issue timely citations for facility noncompliance that it identified during its inspections. We recommended that Public Health issue citations in a more timely manner, especially for deficiencies involving immediate jeopardy to patients that resulted or could have resulted in death, serious injury, or harm to patients. As of October 2020, Public Health had not fully implemented this recommendation. Because Public Health has not fully implemented key recommendations that are essential to protect the health, safety, and well-being of residents in long-term health care facilities, it remains a high-risk state agency.

Retained on high-risk list

Agency Comments

Public Health discussed the COVID-19 pandemic as a reason its complaint backlogs grew and its timely complaint or investigation completion rates declined. Public Health also described several efforts it is making to address its complaint backlog and to meet its staffing needs.

However, as we indicate in our assessment, Public Health has not implemented relevant recommendations from a report we issued in 2014, and for the period immediately before the pandemic, between January 2019 and March 2020, the average age of pending investigations nearly doubled. Until Public Health has fully implemented key recommendations necessary to protect patients in health care facilities and to improve its handling of critical complaints and investigations, it remains a high-risk agency.





CDT Has Not Yet Demonstrated That It Has Improved Its Oversight of State IT Projects

Background

The California Department of Technology (CDT) is responsible for approving, overseeing, and monitoring state IT projects, as well as completing regular oversight reports detailing projects’ progress compared to their objectives, scope, schedule, and cost. In 2016 CDT implemented a multistage process called the Project Approval Lifecycle (PAL), which was intended to address risks of project failure by bolstering project planning. However, in our January 2020 high-risk assessment (2019-601), we reported that CDT had not yet demonstrated that PAL has been effective on highly critical and complex projects.

In addition, some state IT projects have incorporated alternative development approaches, such as agile and modular development (adaptive approaches), for which some state agencies lack significant experience, especially on large and complex projects. While the waterfall approach that the State has more commonly used emphasizes fully planning the IT project scope at the outset, the agile approach allows for the solution to a business problem to evolve over the life of a project. A modular approach divides a project into smaller component parts instead of building the entire system at once. In our December 2020 California Medicaid Management Information System (CA-MMIS) letter report (2020‑043)15, we noted that CDT was in the very early stages of creating standards for overseeing state agencies’ projects that are being developed using an adaptive approach.

See this issue previously reported in our January 2020 high-risk assessment at http://auditor.ca.gov/reports/2019-601/chapters.html#pg23.


Area of Concern State Auditor 2021 Assessment Status
PAL’s effectiveness In our January 2020 high-risk assessment, we raised concerns about the need for the PAL process to demonstrate consistent success across projects of varied importance, including highly critical and complex projects. We stated that projects CDT approved before implementing PAL have experienced significant delays and cost increases. CDT gave us a cost analysis of implemented projects that have undergone the PAL process as of June 15, 2021. However, the analysis does not include an assessment of project schedules or scopes, nor does it include any highly critical and complex projects. According to the deputy state chief project officer within CDT’s Office of Statewide Project Delivery (chief project officer), although the preliminary analysis seems positive, CDT needs to do more research and to wait for additional projects to complete the PAL process before it can determine whether this process improves project outcomes. Because the effectiveness of PAL remains unclear, we are retaining CDT as a high-risk state agency. Retained on high-risk list
Oversight of projects that use adaptive approaches CDT has not yet completed development of its reporting and monitoring process for projects that use adaptive approaches, such as agile and modular development. State agencies have been using adaptive approaches for some large and complex IT projects. For example, CA-MMIS and FI$Cal are using these adaptive approaches at least in part. However, in past reports we have identified areas of ongoing risks in both projects. In our December 2020 report on the CA-MMIS project, CDT indicated that it was developing a process for annual reporting and monitoring of projects that are using an adaptive approach, such as those employing modular development. CDT has begun developing proposed changes to its oversight process to create guidance for such projects, and it expected to begin a pilot program in July 2021. Additionally, CDT provided an example of one project that it expects will progress through the pilot program. However, CDT does not expect to complete the pilot until June 2023, and it does not expect to start fully implementing the proposed process until January 2024. CDT describes the pilot as an initial small-scale implementation of its new oversight process on projects of various sizes and levels of complexity and in different stages of implementation to verify whether its proposed process for overseeing adaptive projects is effective. According to CDT’s pilot scope description, one of the pilot’s objectives will be to incorporate feedback from external stakeholders when evaluating the usefulness of the proposed changes. Given that CDT is already overseeing projects that are using adaptive approaches but has not yet completed development of its reporting and monitoring process for these kinds of projects, CDT continues to be a high-risk state agency. Retained on high-risk list

Agency Comments

CDT agreed that effective oversight is crucial for the success of California’s IT projects. CDT asserted that the principles of PAL were applied to assist with rapid planning, procurement, and implementation of several pandemic-related solutions in a time of crisis, such as the MyTurn system that assists individuals with scheduling a COVID-19 vaccination and tracks vaccines in the State. CDT indicated that it has adapted its oversight function to transition to agile and modular implementation strategies, and it tailors PAL engagements as needed to prioritize success for individual projects. CDT stated that the High-Risk assessment fails to capture the complexity or measure the scope and success of PAL because the assessment is focused narrowly on PAL planning activities for projects that were subject to CDT’s independent oversight.

However, we focused our assessment on projects that are critical and complex because they pose a greater risk to the State. We note in our assessment that CDT has not adequately analyzed critical and complex projects to demonstrate the effectiveness of PAL in improving project outcomes and has not yet completed development of its reporting and monitoring process for projects using adaptive approaches.





The State Continues to Have a Significant Unfunded Retiree Health Care Liability

Background

The State provides certain benefits—known as other postemployment benefits (OPEB)—as part of the retirement package it offers state employees who reach certain thresholds of service. OPEB consists of additional benefits beyond pensions, such as paying for medical insurance premiums. Historically, the State has generally used a pay-as-you-go funding method for OPEB, paying only for the current year’s benefit expenditures rather than prefunding the health benefits it will be obligated to pay for its employees when they retire. As a result, the State’s OPEB liability—the estimated total cost for all retiree benefits that it must pay in the future—has grown substantially. Current state law generally calls for the State to share equally in the prefunding of retiree health benefits with its participating employees, through contributions to be deposited in a trust fund. The law prohibits the use of money in that fund to pay benefits until OPEB liabilities are fully funded or July 2046, whichever comes first. Several key agencies are involved in executing the State’s prefunding plan. These include Finance, the California Department of Human Resources, and the California Public Employees’ Retirement System. In our January 2020 high‑risk assessment (2019-601), we determined that the State’s OPEB liability remained a high-risk issue because of the length of time necessary to complete its multibillion-dollar plan to fund retiree health care.

See this issue previously reported in our January 2020 high-risk assessment at http://auditor.ca.gov/reports/2019-601/chapters.html#pg57.


Area of Concern State Auditor 2021 Assessment Status
Fully funding retiree health care benefits Although the State has taken steps to prefund its retiree health benefits, including sharing the cost of prefunding by collecting contributions from its participating employees, it continues to have a substantial unfunded OPEB liability. According to the State’s June 2019 actuarial valuation report, the OPEB fund balance remains low at $1.6 billion, which is less than 2 percent of the most recently calculated liability of about $93 billion. Further, the OPEB liability has increased by roughly $7 billion over the previous year due to changes in the assumed rate of return on investments and other factors, such as an increase in retirements and changes in health care-related economic assumptions.

The length of time required under the State’s prefunding plan to fully fund its OPEB liability creates uncertainty about the State’s ability to do so. For example, in response to the impact of the COVID‑19 pandemic, the State suspended contributions to the OPEB trust fund by employees represented by certain bargaining units until as late as June 2022. The State has since renegotiated these agreements, ending the suspension in July 2021. Although the State included more than $600 million in the fiscal year 2021–22 budget to make up for the suspended employee contributions, unexpected future financial crises could result in funding suspensions that are not subsequently covered. Further, although the OPEB trust fund had a one-year rate of return well above expectations, the State could face additional challenges in meeting its funding target if it does not achieve its expected rate of return on its prefunded assets over the long term. As a result, OPEB remains a high-risk issue, in large part because of its substantial unfunded liability and the uncertainty about the State’s ability to fully fund it.

Retained on high-risk list

Agency Comments

Finance acknowledged that the State has a substantial unfunded OPEB liability, but stated in its response that it believes that the OPEB liability reported in future years will decrease as the State and employees continue to make contributions. It says that the fund balance will approach $5.9 billion by the end of fiscal year 2021–22. Finance stated that it does not believe that the suspension of employee contributions during the COVID-19 pandemic is representative of the response to future crises, or that it placed the State at risk of not meeting future obligations.

However, we stand by our position that the low current funding level and potential for unexpected financial crises during the time it will take to fully fund the OPEB liability indicate that this issue remains high risk.

CalHR acknowledged that the OPEB liability remains a high risk due to the length of time required to fully fund it, investment volatility, and the low current funding level. However, CalHR highlighted in its comments the end of the suspension of employee contributions and the $600 million included in the budget to make up for the previous year’s suspended employee contributions as recent steps the State has taken to mitigate the risks.

CalPERS did not provide written comments to our draft report.





Caltrans Must Sustain Progress in Improving Transportation Infrastructure Amid Limited Funding

Background

The California Department of Transportation (Caltrans) and the California Transportation Commission (Transportation Commission) are generally responsible for ensuring that the State’s transportation infrastructure is in good condition. Caltrans plans, develops, maintains, and operates the statutorily designated California State Highway System (state system). The state system includes 49,700 lane miles of pavement, 13,200 bridges, 213,000 culverts and drainage facilities, and nearly 21,000 transportation management system assets. The Transportation Commission is responsible for funding the construction of highway, transit, and active transportation improvements, such as biking and walking paths, throughout California.

To improve California’s transportation system, the State enacted the Road Repair and Accountability Act of 2017 (Repair Act) to, among other things, provide increased revenue from an additional tax on fuel and an additional fee for vehicle registration. According to Caltrans, a majority of its state and federal funding is collected through fuel taxes, including the Repair Act funds. The Repair Act expressed the Legislature’s intent for Caltrans, by the end of 2027, to achieve certain performance outcomes related to repairing pavement, potholes, culverts, bridges, and transportation management systems. The Repair Act also established certain reporting requirements and an inspector general within Caltrans who is responsible for ensuring that Caltrans administers programs efficiently, effectively, and economically. State law requires that Caltrans publish a State Highway System Management Plan (management plan) every two years that describes Caltrans’s efforts to meet state and federal asset management requirements, including those from the Repair Act. In our January 2020 high‑risk assessment (2019-601), we reported that Caltrans and the Transportation Commission had not yet demonstrated sustained progress toward ensuring that the State’s roads are in good repair.

See this issue previously reported in our January 2020 high-risk assessment at http://auditor.ca.gov/reports/2019-601/chapters.html#pg19.


Area of Concern State Auditor 2021 Assessment Status
Progress toward ensuring that the State’s roads are in good repair Although Caltrans and the Transportation Commission have reported progress toward meeting the Repair Act goals for improving the state system since we issued our previous report, they will need to sustain that progress for the next six years in order to fully meet these goals within the required time frame. Caltrans reported in 2021 that it has met its Repair Act goal for bridges, it is on track to meet the Repair Act goals for pavement condition and transportation management systems, and it is currently monitoring its progress toward meeting Repair Act goals for culverts. Caltrans indicates that it expects to complete its initial assessment of culverts in 2023. Caltrans has reported its Repair Act progress semiannually to the Transportation Commission, and the Transportation Commission has submitted annual reports to the Legislature in which it publishes Caltrans’s progress toward meeting the Repair Act’s 10-year performance targets.

Additionally, Caltrans’s inspector general now provides oversight and has reported that it has identified and initiated audits in its fiscal year 2020–21 audit plan that will assess Caltrans’ ability to meet its Repair Act performance goals. In its fiscal year 2019–20 summary of audit findings, the inspector general reported that Caltrans had implemented processes and systems to report on pavement conditions and Caltrans’s progress toward achieving the Repair Act performance targets. However, Caltrans will need to maintain its progress for the next six years to meet its 2027 performance goals established by the Repair Act. Therefore, we are retaining this statewide issue on the high-risk list.

Retained on high-risk list
Funding for the state transportation system’s maintenance needs Maintenance needs for the state transportation system exceed the available funding. In 2021 Caltrans published a draft of its management plan in which it projected a $6.1 billion annual funding shortfall over the next 10 years, which is significantly larger than the $3.6 billion annual shortfall it projected in 2019. Caltrans attributes this increased shortfall, in part, to the addition of new performance objectives, such as incorporating the impacts of rising sea levels on the state system, which Caltrans did not include in its previous management plans. According to the management plan, Caltrans is currently focusing available funding on core system assets, such as roads and bridges, to achieve the Repair Act performance targets. However, Caltrans may face additional funding challenges. In its 2020 report, Transportation Funding in California, Caltrans wrote that as more people turn to electric vehicles, fuel tax revenues will decrease, affecting funding for the transportation network. Given that Caltrans must demonstrate sustained progress toward meeting the State’s maintenance needs and expects funding challenges, transportation infrastructure continues to be a high-risk statewide issue. Retained on high-risk list

Agency Comments

Caltrans indicated that while initial implementation of Repair Act provisions and limited availability of progress reporting warranted the high-risk designation in the State Auditor’s previous high-risk assessment, Caltrans has made significant progress since then in establishing comprehensive procedures resulting in improving conditions in the state system. It asserted that the performance-based asset management framework in conjunction with the frequent assessments, reporting, and oversight have led to a transparent process where risks are identified, managed, and communicated to all stakeholders. Considering the progress toward better conditions, Caltrans believes that the risks that originally placed transportation infrastructure on the High‑Risk list have been mitigated.

Caltrans also does not believe that the unfunded need presented in the management plan increases the risk of not achieving Repair Act performance targets because it has prioritized investments with Repair Act funds toward pavement, bridges, culverts, and transportation management system elements, and the needs for these primary assets have been steadily declining each year since the passage of the Repair Act. Caltrans also indicated that the Repair Act introduced a per‑vehicle registration fee for electric vehicles to offset some of the impact of lost fuel sales. Caltrans stated that although the gradual erosion of funding under the current fuel tax model will need to be addressed, it does not see this as limiting its ability to achieve the performance targets of the Repair Act.

Nevertheless, because we found that Caltrans must demonstrate sustained progress toward meeting Repair Act targets over the next six years and expects funding challenges, transportation infrastructure remains a high-risk statewide issue.

While Transportation Commission staff concurs with our assessment of retaining the items related to transportation infrastructure on the high-risk list, they do not dispute the information provided in Caltrans’ response about their current progress toward meeting the Repair Act targets.






The State Has Implemented Changes to Improve Oversight of Education Funding

Background

California’s public education system serves about 6 million children in kindergarten through 12th grade. In 2013 the State established the local control funding formula (LCFF) and its accountability tool, the Local Control Accountability Plan (LCAP), to improve student performance and to address achievement gaps of particular student groups (intended students)—including English learners and youth in foster care. LCFF shifted the education system from a state-controlled system to a locally controlled one focused on improved outcomes for students. The State Board of Education is the State’s K–12 policymaking body and adopts academic standards, assessments, and templates for LCAPs. The role of the California Department of Education is to provide oversight to the State’s public school system and enforce education law and regulations.

In 2013 we designated K–12 public education as high risk, in part because of potential challenges that could arise from the 2013 change in funding (2013-604).16 In March 2019, the Joint Legislative Audit Committee directed the State Auditor to conduct an audit to assess LCAPs and determine whether school districts were appropriately distributing and spending LCFF funds. In our report published in November 2019 (2019-101)17, we found that the State had not required school districts to sufficiently track how they spend their LCFF funding and that their LCAPs did not always include clear information regarding how their respective districts’ spending would benefit intended students. In our January 2020 high-risk assessment (2019-601), we said we would monitor the implementation of the recommendations resulting from that report.

See this issue previously reported in our January 2020 high-risk assessment at http://auditor.ca.gov/reports/2019-601/chapters.html#pg29.

Area of Concern State Auditor 2021 Assessment Status
Oversight related to education funding In our November 2019 report, we made several recommendations to the Legislature and the State Board of Education to strengthen oversight related to LCFF funds, improve the transparency and effectiveness of LCAPs, and increase access to statewide data that could align spending information with student outcomes. The State Board of Education has fully implemented or resolved all of the recommendations we presented in our November 2019 report. Although legislation to implement three of the recommendations to the Legislature related to spending money on intended students has been vetoed, the State enacted a law that resolves two other recommendations related to tracking spending and outcomes. Because the State has made sufficient progress in implementing the recommendations resulting from our audit, we are removing funding for K–12 education from the high-risk list. Removed from high-risk list


We prepared this report under the authority vested in the California State Auditor by Section 8546.5 of the Government Code.

Respectfully submitted,

ELAINE M. HOWLE, CPA
California State Auditor

August 19, 2021






Endnotes

1 Report 2020-610: State High Risk Update—Federal COVID‑19 Funding: Coronavirus Relief Fund, January 2021

2 Report 2020-628.2: Employment Development Department: Significant Weaknesses in EDD’s Approach to Fraud Prevention Have Led to Billions of Dollars in Improper Benefit Payments, January 2021

3 Report 2020-612: California Department of Public Health: It Could Do More to Ensure Federal Funds for Expanding the State’s COVID‑19 Testing and Contact Tracing Programs Are Used Effectively, April 2021

4 Report 2020-039: FI$Cal Status Letter: FI$Cal’s Governing Entities Have Extended the Project Completion Target by Two Years While Struggles with Financial Reporting Persist, January 2021

5 Report 2013-601: High Risk: The California State Auditor’s Updated Assessment of High-Risk Issues the State and Select State Agencies Face, September 2013

6 Report 2015-611: High Risk Update—Information Security: Many State Entities’ Information Assets Are Potentially Vulnerable to Attack or Disruption, August 2015

7 Report 2017-601: High Risk: The California State Auditor’s Updated Assessment of High-Risk Issues the State and Select State Agencies Face, January 2018

8 Report 2018-603: Department of Health Care Services: It Paid Billions in Questionable Medi‑Cal Premiums and Claims Because It Failed to Follow Up on Eligibility Discrepancies, October 2018

9 Report 2019-002: Federal Compliance Audit Report for the Fiscal Year Ended June 30, 2019, October 2020

10 Report 2012-122: Mental Health Services Act: The State’s Oversight Has Provided Little Assurance of the Act’s Effectiveness, and Some Counties Can Improve Measurement of Their Program Performance, August 2013

11 Report 2017-117: Mental Health Services Act: The State Could Better Ensure the Effective Use of Mental Health Services Act Funding, February 2018

12 Report 2020-613: Department of Health Care Services: Despite the COVID‑19 Public Health Emergency, the Department Can Do More to Address Chronic MediCal Eligibility Problems, July 2021

13 Report 2014-111: California Department of Public Health: It Has Not Effectively Managed Investigations of Complaints Related to Long-Term Health Care Facilities, October 2014

14 Report 2017-109: Skilled Nursing Facilities: Absent Effective State Oversight, Substandard Quality of Care Has Continued, May 2018

15 Report 2020-043: CA-MMIS Status Letter, December 2020

16 Report 2013-604: New High Risk Issue: Providing a High Quality and Affordable Public Education Presents Significant Challenges, December 2013

17 Report 2019-101: K–12 Local Control Funding: The State’s Approach Has Not Ensured That Significant Funding Is Benefiting Students as Intended to Close Achievement Gaps, November 2019