Single Audit Report Fiscal Year Ended June 30, 2012 - State ...

More documents

Recommendations

Info

State of GeorgiaFinancial Statement Findings and Questioned CostsFor the Fiscal Year Ended June 30, 2012LABOR, DEPARTMENT OFFinding Control Number: FS-440-12-01ACCOUNTING CONTROLS (OVERALL)Inadequate Supporting Documentation for Adjusting Journal EntriesCondition: Our examination included a review of five (5) adjusting journal entries totaling to $541,472,491.68that were posted to the Department of Labor's (Department) general ledger in the month of June 2012involving the Department's major Federal programs. The adjusting journal entries reviewed allocatedoverhead costs to specific programs, transferred expenses between grant years within programs, ortransferred expenses between programs. The supporting documentation for each of these journalentries was inadequate. They did not contain adequate explanations for the purpose of the journalentries, information was not provided to support the amounts adjusted, nor was there any indication ofthe original transactions being adjusted.Criteria:The Financial Management Policies and Procedures, policy number 4-8-1, issued by the Office ofPlanning and Budget and State Accounting Office, states that "Documentation should be maintainedfor adjustments posted during a fiscal year, especially as a part of year-end closing procedures, thatallows for the verification of the adjusted transaction to the source documentation supporting theoriginal transaction. Such documentation should include, but is not necessarily limited to, analysesidentifying original deposit ID's, purchase orders, voucher ID's or other relevant identifying referenceand should identify the original transaction's budget program by fund source or justification for achange in allocation methodology."Further, the Accounting Policy Manual, Category 3 - Closing Procedures, DocumentationRequirements, issued by the State Accounting Office, states in part that documentation "...Regardlessof the format used for storage purposes, all recorded transactions (including adjusting entries andtransfers) should be supported by copies of source documents (such as vendor invoices, receivingrecords, cash receipts, timesheets, loan documents, or bank statements) and other supportinginformation sufficient to provide clear evidence of...adjustments reclassifying transactions should betraceable to the documentation supporting the original transaction."Cause:Effect:Recommendation:The deficiencies noted were a result of the Department's failure to implement adequate internal controlprocedures to ensure compliance with the Financial Management Policies and Procedures and theAccounting Policy Manual for the State of Georgia.Approving and posting journal entries without adequate supporting documentation could result in amaterial misstatement in the financial statements including misstatements due to fraud.The Department of Labor should develop and implement policies and procedures to ensure thatadequate documentation is maintained and reviewed prior to approving and posting journal entries.Additional training on the guidelines included in the Financial Management Policies and Proceduresand the Accounting Policy Manual for the State of Georgia should be provided to employeesresponsible for preparing and approving journal entries.Finding Control Number: FS-440-12-02ACCOUNTING CONTROLS (OVERALL)Ineffective Change Management and Logical Access ControlsCondition:Criteria:Our review of the established internal control structure associated with certain financial applicationsrevealed deficiencies in change management and logical access controls designed to protect theintegrity of financial information, mitigate the risk of manipulation, corruption, or loss of data, andensure financial information is processed accurately.IT governance should be established over significant financial systems to prevent or detectunauthorized use, damage, loss, or modifications.52
State of GeorgiaFinancial Statement Findings and Questioned CostsFor the Fiscal Year Ended June 30, 2012Information:Cause:Effect:Recommendation:The following deficiencies were noted:• Developers have the ability to promote changes to the production environment. In addition, usershave the ability to promote changes to the production environment which is not commensuratewith their job responsibilities.• Sufficient evidence supporting authorization, testing, and approval of changes promoted toproduction was not maintained.• A process to subsequently monitor changes that have been promoted to production is not in placeto determine whether those changes were authorized, tested, and approved and have notcircumvented the standard change management process.• A formal process to periodically review user access to certain applications is not currently in placeto determine whether access continues to be appropriate.• Users have the ability to provision access to certain applications which is not commensurate withtheir job responsibilities.• Users have access to certain applications which is not commensurate with their jobresponsibilities.• Terminated employees had continued access to certain applications.• General security settings for certain applications and their supporting operating systems anddatabases are not configured to provide reasonable assurance that access is limited to authorizedindividuals.The Department did not adequately establish and implement policies and procedures to govern theintegrity and accuracy of the information used in the financial statement preparation process.Without proper controls in place, loss, manipulation, or corruption of financial data within thissignificant system could occur.Department of Labor should enhance change management and logical access policies and proceduresto include the following:• Inappropriate access to promote changes to the production environment should be removed. Ifthere is a business need for such access, mitigating controls, such as monitoring of changes,should be put in place to determine that only appropriate changes are promoted to the productionenvironment.• A defined change management process should be established to ensure changes are authorized,tested, and approved prior to migration.• A process to periodically review changes promoted to production should be put in place to detectchanges performed outside of the normal change management process.• A periodic review of application access should be established to determine that access continues tobe appropriate based on job responsibility.• Privileges which are not necessary for a particular job function should be removed. If there is abusiness need for such access, mitigating controls should be put in place to ensure noinappropriate activity is taking place.• A process should be established to determine that terminated users are removed in a timelymanner.• General security settings should be reconfigured to reduce the risk of unauthorized access.Finding Control Number: FS-440-12-03GENERAL LEDGERInadequate General LedgerCondition:The Department of Labor (Department) utilizes a secure, ongoing host-based application to processand account for transactions relating to the State of Georgia Unemployment Insurance Program,whereas the general ledger utilized by the Department to produce the financial statements for theUnemployment Compensation Fund is an Excel-based set of spreadsheets which are manually updatedon a daily basis from reports and information produced by the host application. This type of setup iscommonly referred to as “end-user computing.” The general ledger utilized by the Department isinadequate due to being basically a set of ongoing cash sheets.53
Page 1:
Single Audit ReportFiscal Year Ende
Page 11: Report on Internal Control Over Fin
Page 14 and 15: Foundation, Incorporated, Georgia T
Page 16 and 17: Firefighters’ Pension Fund, Georg
Page 19 and 20: Greg S. GriffinSTATE AUDITOR(404) 6
Page 21 and 22: In our opinion, based on our audit
Page 23 and 24: Activities Allowed or UnallowedFA-4
Page 25: Findings and Questioned Costs
Page 29 and 30: State of GeorgiaSummary of Auditor
Page 31: Financial Statement Findings
Page 34 and 35: State of GeorgiaFinancial Statement
Page 87: State of GeorgiaFinancial Statement
Page 91 and 92: State of GeorgiaFederal Awards Find
Page 110 and 111:
State of GeorgiaFederal Awards Find
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 137:
Expenditures of Federal Awards
Page 141 and 142:
State of GeorgiaSchedule of Expendi
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249:
Page 253 and 254:
State of GeorgiaNotes to the Schedu
Page 255 and 256:
Page 257:
Page 261 and 262:
State of GeorgiaSchedule of Cluster
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273:
Page 277:
Summary Schedule of Prior YearFindi
Page 280 and 281:
State of GeorgiaSummary Schedule of
Page 282 and 283:
Page 284 and 285:
Page 287 and 288:
State of GeorgiaSchedule of Prior Y
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301:
Corrective Action Responses toCurre
Page 305 and 306:
State of GeorgiaAuditee’s Correct
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
Page 329 and 330:
Page 331 and 332:
Page 333 and 334:
Page 335 and 336:
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353:
Page 357 and 358:
State of GeorgiaListing of Organiza
Page 359 and 360:
Page 361:
show all

Single Audit Report Fiscal Year Ended June 30, 2012 - State ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?