Audit Report

Comptroller of the Treasury General Accounting Division August 2006

OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY

•

This report and any related follow-up correspondence are available to the public through the Office of Legislative Audits at 301 West Preston Street, Room 1202, Baltimore, Maryland 21201. The Office may be contacted by telephone at 410-946-5900, 301-970-5900, or 1-877486-9964.

•

Electronic copies of our audit reports can be viewed or downloaded from our website at http://www.ola.state.md.us.

•

Alternative formats may be requested through the Maryland Relay Service at 1-800-7352258.

•

The Department of Legislative Services – Office of the Executive Director, 90 State Circle, Annapolis, Maryland 21401 can also assist you in obtaining copies of our reports and related correspondence. The Department may be contacted by telephone at (410) 946-5400 or (301) 970-5400.

August 30, 2006

Senator Nathaniel J. McFadden, Co-Chair, Joint Audit Committee Delegate Charles E. Barkley, Co-Chair, Joint Audit Committee Members of Joint Audit Committee Annapolis, Maryland Ladies and Gentlemen: We have audited the Comptroller of the Treasury – General Accounting Division (GAD) for the period beginning January 22, 2003 and ending March 15, 2006. Our audit disclosed certain deficiencies with respect to GAD’s responsibility to centrally process the State’s vendor invoices. Specifically, GAD had not established adequate controls over undeliverable vendor checks as well as the State’s files of vendor names and addresses. Consequently, vendor checks could be diverted to improper recipients without timely detection. Respectfully submitted,

Bruce A. Myers, CPA Legislative Auditor

Background Information Agency Responsibilities The General Accounting Division (GAD), which is a unit of the Comptroller of the Treasury, is primarily responsible for maintaining the State’s accounting records, centrally processing vendor invoice payments, and distributing checks prepared by the State Treasurer’s Office. GAD is also responsible for annually preparing the State’s general purpose financial statements. According to the State’s accounting records, GAD’s expenditures totaled approximately $4.9 million during fiscal year 2005.

Audit of the State’s General Purpose Financial Statements An independent accounting firm is engaged annually by the Comptroller of the Treasury for the purpose of expressing an opinion on the State’s general purpose financial statements. In the related audit reports for fiscal years ended June 30, 2005, 2004, and 2003, the firm stated that the State’s general purpose financial statements presented fairly, in all material respects, the financial position of the State, and the respective changes in financial position and cash flows for the years then ended, in conformity with accounting principles generally accepted in the United States.

Current Status of Findings From Preceding Audit Report Our audit included a review to determine the current status of the six findings contained in our preceding audit report dated December 1, 2003. We determined that GAD satisfactorily addressed four of these findings. The remaining two findings have been combined into one finding and are repeated in this report.

2

Findings and Recommendations Vendor Payments Finding 1 The General Accounting Division (GAD) had not established adequate internal controls over the State’s vendor files and checks returned to GAD by the post office. Analysis Adequate controls had not been established over the State’s vendor files and undeliverable vendor checks returned to GAD by the post office. Consequently, vendor checks could be diverted to improper recipients without timely detection. Specifically, our review disclosed the following deficiencies: •

There was no documentation on file to support that significant changes to the State’s vendor files made by two employees, such as modifications to vendor names and addresses, were verified to source documentation by supervisory personnel.

•

The custodian of undeliverable checks returned to GAD could also update the records that accounted for the disposition of these checks (for example, remailed).

•

New vendor addresses for certain undeliverable checks were recorded in the State’s vendor files and vendor checks were then mailed to these new addresses without ensuring that proper written authorization and documentation for the address changes were obtained from the State agencies that initiated the check requests.

Similar conditions were commented upon in our preceding audit report. According to GAD’s records, during the period from July 2005 to March 2006, check payments mailed to vendors totaled approximately $5.9 billion. Approximately $900,000 of those check payments were undeliverable checks returned to GAD. Recommendation 1 We again recommend that GAD supervisory personnel document the verification of changes made to the State’s vendor files and retain this documentation for future reference. Additionally, we again recommend that

3

the GAD employee who is the custodian of the undeliverable checks not have the capability to update the current status of these checks on GAD’s records. Finally, we again recommend that the proper authorization and documentation of the sources of new vendor addresses be obtained before remailing undeliverable checks and updating the State’s vendor files.

Audit Scope, Objectives and Methodology We have audited the Comptroller of the Treasury – General Accounting Division (GAD) for the period beginning January 22, 2003 and ending March 15, 2006. The audit was conducted in accordance with generally accepted government auditing standards. As prescribed by the State Government Article, Section 2-1221 of the Annotated Code of Maryland, the objectives of this audit were to examine GAD’s financial transactions, records and internal control, and to evaluate its compliance with applicable State laws, rules, and regulations. We also determined the current status of the findings contained in our preceding audit report. In planning and conducting our audit, we focused on the major financial-related areas of operations based on assessments of materiality and risk. Our audit procedures included inquiries of appropriate personnel, inspections of documents and records, and observations of GAD’s operations. We also tested transactions and performed other auditing procedures that we considered necessary to achieve our objectives. Data provided in this report for background or informational purposes were deemed reasonable, but were not independently verified. Our audit did not include certain support services provided to GAD by the Comptroller of the Treasury – Office of the Comptroller. These support services (such as processing of invoices, maintenance of accounting records, and related fiscal functions) are included in the scope of our audits of the Office of the Comptroller. Our audit also did not include certain support services provided to GAD by the Comptroller of the Treasury – Information Technology Division related to the procurement and monitoring of information technology equipment and services. These support services are included in the scope of our audits of the Information Technology Division. Our audit scope was limited with respect to GAD’s cash transactions because the Office of the State Treasurer was unable to reconcile the State’s main bank accounts during the audit period. Due to this condition, we were unable to

4

determine, with reasonable assurance, that all GAD’s cash transactions were accounted for and properly recorded on the related State accounting records as well as on the banks’ records. GAD’s management is responsible for establishing and maintaining effective internal control. Internal control is a process designed to provide reasonable assurance that objectives pertaining to the reliability of financial records, effectiveness and efficiency of operations including safeguarding of assets, and compliance with applicable laws, rules and regulations are achieved. Because of inherent limitations in internal control, errors or fraud may nevertheless occur and not be detected. Also, projections of any evaluation of internal control to future periods are subject to the risk that conditions may change or compliance with policies and procedures may deteriorate. Our reports are designed to assist the Maryland General Assembly in exercising its legislative oversight function and to provide constructive recommendations for improving State operations. As a result, our reports generally do not address activities we reviewed that are functioning properly. This report includes conditions that we consider to be significant deficiencies in the design or operation of internal control that could adversely affect GAD’s ability to maintain reliable financial records, operate effectively and efficiently, and/or comply with applicable laws, rules, and regulations. Our report did not include any conditions regarding significant instances of noncompliance with applicable laws, rules, or regulations. Other less significant findings were communicated to GAD that did not warrant inclusion in this report. The Office of the Comptroller’s response, on behalf of GAD, to our findings and recommendations is included as an appendix to this report. As prescribed in the State Government Article, Section 2-1224 of the Annotated Code of Maryland, we will advise the Office regarding the results of our review of its response.

5

AUDIT TEAM James P. Shevock, CPA Audit Manager A. Jerome Sokol, CPA Information Systems Audit Manager Jonathan H. Finglass, CPA Senior Auditor Omar A. Gonzalez, CPA Information Systems Senior Auditor Karen Y. Brownley Elaine D. Kagan W. Thomas Sides Staff Auditors