Washington State Auditors Office

Accountability Audit Report

Department of Social and Health Services

Audit Period July 1, 2005 through June 30, 2006 Report No. 6663

Issue Date July 13, 2007

Washington State Auditor Brian Sonntag

July 13, 2007

Robin Arnold-Williams, Secretary Department of Social and Health Services

Report on Accountability
Please find attached our report on the Department of Social and Health Services accountability and compliance with state laws and regulations and its own policies and procedures. In addition to this work, we perform an annual audit of the statewide basic financial statements as required by state law (RCW 43.09.310). We also annually audit federal programs administered by the state of Washington for compliance with federal laws and regulations. The results of these audits are published in reports issued by the Office of Financial Management. Sincerely,

BRIAN SONNTAG, CGFM STATE AUDITOR

Insurance Building, P.O. Box 40021 Olympia, Washington 98504-0021 (360) 902-0370 (866) 902-3900 TDD Relay (800) 833-6388 FAX (360) 753-0646 http://www.sao.wa.gov

Table of Contents
State of Washington Department of Social and Health Services
Audit Summary.............................................................................................................................................. 1 Description of the Department ...................................................................................................................... 3 Audit Areas Examined................................................................................................................................... 4 Schedule of Audit Findings and Responses ................................................................................................. 6 Status of Prior Audit Findings...................................................................................................................... 23 Summary of Federal Audit Findings............................................................................................................ 25

Audit Summary
State of Washington Department of Social and Health Services ABOUT THE AUDIT
This report contains the results of our independent accountability audit of the Department of Social and Health Services for the period from July 1, 2005, through June 30, 2006. We evaluated internal controls and performed audit procedures on the financial activities of the Department. We also determined whether the Department complied with state laws and regulations and its own policies and procedures. Our work focused on specific areas that have potential for noncompliance, misappropriation or misuse of public resources.

RESULTS
In most areas, the Department complied with state laws and regulations and its own policies and procedures. However, we identified four conditions significant enough to report as findings: The Department does not have adequate internal controls over the processing of expenditures through the Agency Financial Reporting System. The Department does not include required insurance language in contracts with individuals and agencies that provide transportation for clients of supported living services. The Department does not have adequate controls to ensure all payments through its Social Services Payment System are supported and approved. The Department did not perform adequate monitoring for background checks.

We also noted certain matters that we communicated directly to Department management. We appreciate the Departments commitment to resolving those matters.

RELATED REPORTS
Our opinion on the state of Washingtons basic financial statements is included in the states Comprehensive Annual Financial Report. That report is issued by the Office of Financial Management in December of each year. In accordance with the Single Audit Act, we annually audit major federal programs administered by the state of Washington. Rather than perform a single audit of each agency, we audit the state as a whole. As a result of the federal audit work performed at the Department, we identified 30 conditions significant enough to report as federal findings: 18 issues related to the Medicaid program and 12 related to various other federal programs. Details of those findings, as well as the status of the Departments prior federal findings, were published in a report issued by the state Office of Financial Management on March 31, 2007.

Washington State Auditors Office 1

During the audit period, we issued eight reports pursuant to the State Employee Whistleblower Act (RCW 42.40). We audited the Medicaid program separately. Links to those reports may be found on our Web site at www.sao.wa.gov.

CLOSING REMARKS
We appreciate the Departments attention to resolving prior audit issues and its commitment to addressing conditions reported in this audit. We also thank Department management and personnel for their assistance and cooperation throughout the audit.

Washington State Auditors Office 2

Description of the Department

State of Washington Department of Social and Health Services ABOUT THE DEPARTMENT
The Department of Social and Health Services mission is to improve the quality of life for individuals and families in need. The Department works to help people achieve safe, self-sufficient, healthy and secure lives. The Department spends approximately $9 billion a year, which represents approximately one-third of the state budget. It has more than 18,000 employees. Agency resources, most of which flow through the General Fund, are composed of approximately 49 percent federal funds, 46 percent state funds and 5 percent other sources. Based on the most recent data available, every two years the Department serves one in four state residents (or approximately 1.5 million people) and two out of five children and youth. The Department is divided into five administrations: Health and Recovery Services, Economic Services, Aging and Disability Services, Juvenile Rehabilitation Services and Childrens Services. The Health and Recovery Services Administration, which includes the Medicaid Program, accounts for over half of the Departments total budget. Our report on the current audit of Medicaid has been published separately.

AUDIT HISTORY
We audit the Department annually. During the past five audits we reported several areas of concern. Below we have listed the number of total findings in each year. In addition, we audit several federal programs, including Medicaid, at the Department annually. Audit findings related to those programs can be found in the annual Single Audit Reports which are issued by the Office of Financial Management. Links to those reports can be found on our Web site at www.sao.wa.gov. Number of Accountability Findings 2 4 1 3 4 Number of Federal Findings Medicaid 1 10 22 26 18 Number of Federal Findings other than Medicaid 5 5 18 18* 12

Fiscal Year 2002 2003 2004 2005 2006

* Three of the 2005 federal findings were followed up on as part of this audit and not as part of the state of Washington Single Audit. The results of that follow up are included in this report.

Washington State Auditors Office 3

Audit Areas Examined

State of Washington Department of Social and Health Services
In keeping with general auditing practices, we do not examine every portion of the Department of Social and Health Services' financial activities during each audit. The areas examined were those representing the highest risk of noncompliance, misappropriation or misuse. The following areas were examined during this audit period:

ACCOUNTABILITY
We evaluated the Departments accountability and compliance with certain state laws and regulations and its own policies in the following areas: Payments to clients and providers Payroll Computer application review Contracts and agreements Safeguarding of assets

FINANCIAL
We perform an annual audit of the statewide basic financial statements as required by state law (RCW 43.09.310). These financial statements are included in the Comprehensive Annual Financial Report (CAFR) prepared by and available from the Office of Financial Management. The CAFR reflects the financial activities of all funds, organizations, institutions, agencies, departments and offices that are part of the state's reporting entity. We tested the Departments account balances and financial activity related to: Due from other governments Human Services operating grants and contributions Federal grants in aid Human Services

FEDERAL PROGRAMS
Federal grant audit work is performed on a statewide basis, in accordance with the revised Single Audit Act. We select federal programs for audit using risk-based criteria set forth in the U.S. Office of Management and Budget Circular A-133.

Washington State Auditors Office 4

We evaluated internal controls and tested compliance with federal requirements, as applicable, for the following major federal programs at the Department: Food Stamp Cluster Grants, CFDA 10.551 and 10.561 Temporary Assistance for Needy Families, CFDA 93.558 Childcare Cluster Grants, CFDA 93.575 and 93.569 Adoption Assistance, CFDA 93.659 State Childrens Insurance Program, CFDA 93.767 Disability Insurance/Supplemental Security, CFDA 96.001 and 96.006 Vocational Rehabilitation Basic, CFDA 84.126 Child Support Enforcement, CFDA 93.563 Foster Care Title IV, CFDA 93.658 Social Services Block Grant, CFDA 93.668 Substance Abuse Block Grant, CFDA 93.959 Medicaid Cluster Grants, CFDA 93.775, 93.777 and 93.778

In addition, we followed up on prior audit recommendations for the following federal programs at the Department: Community Mental Health Services Block Grant, CFDA 93.958 Juvenile Accountability Incentive Block Grant, CFDA 16.523

Washington State Auditors Office 5

Schedule of Audit Findings and Responses

State of Washington Department of Social and Health Services
1. The Department of Social and Health Services does not have adequate internal controls over the processing of expenditures through the Agency Financial Reporting System. Background
The Agency Financial Reporting System (AFRS) is the state of Washington's official accounting system. State agencies are required to enter their financial data, including accounts payable, into this system. When used effectively, the systems security features can reduce the risk of error or fraud in financial transactions. Each agency designates a security administrator responsible for determining the level of access granted to individuals within the agency and for removing access when appropriate. System access controls preclude any one person from having total control over a transaction. We identified and reported internal control weaknesses related to system access in audit reports for the Department in fiscal years 2003, 2004 and 2005.

Description of Condition
For the fourth year, we reviewed to determine if the Department has improved controls over access in AFRS. Although we acknowledge the Department has put in place compensating controls, we again found the Department does not use system features that allow for an adequate segregation of accounts payable: We found 305 Department employees have incompatible duties. These employees have the system access necessary to enter and approve payment batches without management review. This is a 35 percent decrease from last year, but still represents a risk that these employees could process a fictitious payment. These 305 employees also have the access needed to process payments to unauthorized vendors by using codes intended for one-time, rather than recurring, payments. For fiscal year 2006, payments processed through these codes totaled $40,698,918 and involved 61,915 payment transactions. These payments do not require the vendor to be formally approved and established in AFRS. Instead, employees could set up any vendors they wish in the system and generate payments to them. Given this concern, we selected 20 payment transactions to test, based on certain high risk criteria. Our review did not find any fictitious payments. However, the number of transactions we looked at remains small in comparison to the number of payments made using this code; therefore, the results do not provide assurances that no fictitious payments have occurred. As part of the corrective action plan, the Department established a policy that requires quarterly monitoring. We evaluated this monitoring of one-time payments for four programs. We found the Department is monitoring and changing certain codes intended

Washington State Auditors Office 6

for one-time payments to regular vendor numbers. However, we noted individuals assigned to monitor the one-time payments at the programs both enter and approve those payment batches. This condition poses a risk for fraudulent one-time payments. The Departments corrective action plan places great reliance on the detection of inappropriate payments through quarterly monitoring. It is not using more preventive controls that would minimize the inherent risk that employees could set themselves up as vendors for these one-time payments.

Cause of Condition
The Department believes the compensating control of the quarterly report monitoring is adequate to minimize the risk of invalid payments.

Effect of Condition
These control weaknesses increase the risk that error or misappropriation could occur and not be detected by management in a timely manner if at all.

Recommendation
We again recommend the Department secure access to the accounts payable system by separating duties for those who make payments in AFRS. We recommend the one-time payments report be reviewed by someone who is not involved in entering these payments. We further recommend the Department review all one-time payment reports completely to ensure these payments are valid.

Departments Response
The Department partially concurs with this finding regarding system security in the Agency Financial Reporting System (AFRS). This area deals with the level of access given to employees in AFRS. As the Department responded the last three years, this section of the finding is based solely on the review of system security accesses. The auditor has acknowledged that the Department has implemented compensating internal controls, which minimize the risk of error or fraud in financial transactions. The finding asserts inadequate internal controls based solely on the Departments choice not to implement segregation of duties based on system access. The Department believes compensating controls are employed to provide sufficient internal control over the processing of expenditures. No audit evidence has been presented to assert the generally accepted compensating controls are insufficient. Management has been addressing this issue since it became an audit finding. During FY06, the following changes occurred:

In February 2006, a DSHS AFRS security policy, along with a new security form, was implemented. DSHS management at each location applied the AFRS control of separation of input and release functions where applicable. Where this security level is not adopted, staff independent of the input and release function, perform a 100% review of all data processed. The control of 100% post review has been determined by DSHS management to be a stronger control in detecting irregular payments in that AFRS does not require the reviewer scroll through the items input prior to releasing a batch. Therefore, the batch releaser could just release the batch without performing any review and the only thing we accomplished was separating the input and release function.

Washington State Auditors Office 7

The second area of the finding deals with a payment mechanism in AFRS call V0D1. The V0D1 payment option allows for agencies to make payments without having to register (i.e. obtain the tax identification number) an individual or entity. The following are responses to each condition in the finding related to V0D1: The Department partially concurs with the condition that via the use of certain designated codes (V0D1), employees can generate a warrant to anyone. The audit report does not identify testing of compensating controls to prevent this from occurring. Compensating controls are provided through separation of payment/warrant distribution from payment generation capabilities and the review of output reports and registers. In addition, headquarters fiscal staff reviews the V0D1 usage quarterly, for improper usage. The agency has reviewed the current processed/controls in place and determined that adequate compensating controls are in place. Furthermore, the finding does not indicate that any payments were improperly made. In SFY 2006, the Department established a policy that requires quarterly monitoring of payments processed using V0D1. The department will review the AFRS access for individuals assigned to monitor the one-time payment batches to review for incompatible duties.

In addition to the items addressed above, the Department has requested that its Internal Auditor review the areas of AFRS Security and V0D1 payments. At the completion of the audit, management will review the findings and take appropriate action.

Auditors Remarks
We appreciate the Departments commitment to assessing its controls over system security. We will review the status during our next audit.

Applicable Laws and Regulations

The state of Washington Office of Financial Managements State Administrative and Accounting Manual, Section 20.20.20.a, states in part: Each agency director is responsible for establishing and maintaining an effective system of internal control throughout the agency. The state of Washington Office of Financial Managements State Administrative and Accounting Manual, Section 20.20.70.a, states in part: Control activities are the policies and procedures that help ensure management directives are carried out. Segregation of duties Duties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions. For example, responsibilities for authorizing transactions, recording them, and handling the related assets should be separated.

Washington State Auditors Office 8

The state of Washington Office of Financial Managements Agency Financial Reporting System states in part: It is very important for agencies to review their internal control procedures and system security records. OFM recommends agencies use AFRS system security so that the Transaction Input, Batch Release, Error Correction, and Agency Vendor Maintenance functions are performed by separate individuals. Agencies should utilize the transaction review screen prior to releasing batches.

Washington State Auditors Office 9

Schedule of Audit Findings and Responses

State of Washington Department of Social and Health Services
2. The Department of Social and Health Services, Division of Developmental Disabilities, does not include required insurance language in contracts with individuals and agencies who provide transportation for clients of supported living services. Background
The Departments Division of Developmental Disabilities, contracts with individuals and agencies to provide supported living services to some of its clients. These services allow clients to live independently while receiving assistance in daily activities such as paying bills or preparing meals. State regulations address service providers involvement with a clients transportation needs. Services are to include transportation to emergency medical care, medical appointments and therapy. Within available resources, the provider must assist with transportation to and from work, school and leisure activities. Any vehicle the service provider uses to transport clients must be in safe operating condition and properly insured. Many times the service providers employees supply transportation for clients in the employees personal vehicles. In our Statewide Accountability Report for fiscal year 2005, we issued Finding 05-09 recommending the Department establish the following internal controls in this area: Clearly define its expectations for properly insured vehicles used to transport clients. Add language to the service provider contracts that specifically addresses required insurance coverage for employee-owned vehicles used to transport clients or language that prohibits employees from using their own vehicles for such purposes.

Description of Condition
We have been reviewing the subject of properly insured vehicles used to transport clients with the Division of Disability Services since 2003. As a result of last years finding, the Division stated it had developed a plan to revise contract language and make any needed policy changes by July 2006. The corrective action plan addressed part of the prior audit finding but did not fully address the need, in the contract, to provide for Business Auto Policy coverage when the contractor is required to transport clients as a part of the service. The contracts to provide those services still fail to provide assurance that vehicles are properly insured to meet state regulations and Department policy. In addition, the Certificate of Insurance submitted by the contractor would have been insufficient to comply with this insurance requirement.

Washington State Auditors Office 10

Cause of Condition
The Department does not believe it is at a high risk of liability in the event of an injury to a client while being driven in an underinsured vehicle. In addition, the Department believes the General Liability Insurance covers any additional liability.

Effect of Condition
A potential financial liability to the state has not been fully addressed by the Department.

Recommendation
We recommend the Department establish the following internal controls in this area: Clearly define its expectations for properly insured vehicles used to transport clients. Add language to service provider contracts as required by Washington Administrative Code and the Agency Administrative Policy 13.13 that specifically addresses a required business auto policy if the contract requires that clients be transported.

Departments Response
The following language will be added to all Division of Developmental Disabilities supported living and group home contracts. The new contracts will be issued on July 01, 2007. Auto Liability Insurance The Contractor shall maintain a Business Automobile Policy on contractor-owned vehicles used to transport clients, with the following minimum limits: $1,000,000 per accident combined single limit. The Contractors carrier shall provide DSHS with a waiver of subrogation or name DSHS as an additional insured. The Contractor shall maintain non-owned vehicle coverage for vehicles not owned by the Contractor but used to transport clients. The new contract language is slightly different than the sample language provided in the guidance to Policy 13.13. The Division of Developmental Disabilities has submitted a request for approval of a waiver to this language, per section D of the policy.

Auditors Remarks
We appreciate the Departments commitment to resolving this issue. We will review the status of the condition during our next audit.

Applicable Laws and Regulations

Washington Administrative Code 388-101-2300, Client Transportation, states in part: How must the service provider be involved with a client's transportation needs? (3) A vehicle that the service provider uses to transport clients must be: (a) In safe operating condition; and (b) Properly insured for its usage.

Washington State Auditors Office 11

The Department of Social and Health Services Administrative Policy 13.13, titled Insurance Requirements for Contracts, states, under Central Contract Service Responsibilities, to reference the CCS and TRACKS Purchased Services Contracts Web site for the types and amounts of insurance that contactors are required to carry. The Web site contains the following guidance on auto liability insurance: When the Contractor is required to transport clients as a part of the service under the contract, a Business Auto Policy shall be maintained. Business Auto Policy is a commercial auto policy that includes auto liability and auto physical damage coverage, which provides protection for our clients. Recommended language for contracts is: b. Auto Liability Insurance The Contractor shall maintain a Business Automobile Policy on all vehicles used to transport clients, including vehicles hired by the Contractor or owned by the Contractors employees, volunteers or others, with the following minimum limits: $1,000,000 per accident combined single limit. The Contractors carrier shall provide DSHS with a waiver of subrogation or name DSHS as an additional insured. The state of Washington Office of Financial Managements State Administrative and Accounting Manual, Section 20.20.20.a, states in part: Each agency director is responsible for establishing and maintaining an effective system of internal control throughout the agency. The state of Washington Office of Financial Managements State Administrative and Accounting Manual, Section 20.20.70.a, states in part: Control activities are the policies and procedures that help ensure management directives are carried out. Segregation of duties Duties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions. For example, responsibilities for authorizing transactions, recording them, and handling the related assets should be separated. The state of Washington of Financial Managements Agency Financial Reporting System states in part: It is very important for agencies to review their internal control procedures and system security records. OFM recommends agencies use AFRS system security so that the Transaction Input, Batch Release, Error Correction, and Agency Vendor Maintenance functions are performed by separate individuals. Agencies should utilize the transaction review screen prior to releasing batches.

Washington State Auditors Office 12

Schedule of Audit Findings and Responses

State of Washington Department of Social and Health Services
3. The Department of Social and Health Services does not have adequate controls to ensure all payments through its Social Services Payment System are supported and approved. Background
The Department developed the Social Services Payment System to provide authorization and payment processing for more than $1 billion in services delivered to clients each year. This system is used by the Economic Services Administration, Aging and Disability Services Administration, Health and Rehabilitative Services Administration, Juvenile Rehabilitation Administration, Medical Assistance Administration and Children's Administration. Approximately 3,500 case workers across the state use the system to authorize payments to more than 83,000 providers of services to more than 185,000 clients.

Description of Condition
During our 2005 audit, we found the Department had made $116,912.17 in duplicate payments to 13 clients. During the current audit, we identified 5,000 to 6,000 transactions as potential duplicate payments. We selected 68 of these based on larger transaction amounts, high volume transactions by employee and atypical transactions to review for support and approval. The selected payments included transactions for the divisions of Childrens Administration, Aging and Disability Services Administration, and the Economic Services. We found: Childrens Administration In the 33 transactions we chose for review: 10 were duplicate payments totaling $3283.43. The Department had identified two of these payments, the rest were identified through our audit. 14 transactions, including those discussed above, did not have documentation to support the payment prior to expenditure. Those expenditures totaled $59,450.44.

Aging and Disability Services Administration We reviewed 11 payments to providers. We did not identify any duplicate payments, but did find one unauthorized payment. Clients may receive benefits in excess of the standard amount allowable if pre-approved; but, for the client identified, the Department paid $4,065.75 in excess benefits without this authorization in place. Economic Services Administration We reviewed 24 payments for childcare services and identified nine overpayments totaling $2,563.23. Of these, three were duplicate payments. The remaining six were payments that exceeded the maximum amount allowed. The Department did not have documentation to show

Washington State Auditors Office 13

why the maximum was exceeded. The Department had identified three of these payments, the rest were identified through our audit. The Department has begun recovery proceedings for 10 of the 20 overpayments we identified. Nine of the remaining transactions had not yet been referred to the Office of Financial Recovery by the Administrations for collection as of the end of our audit. The Department does not agree that one transaction, in the Aging and Disability Services Administration, was an overpayment.

Cause of Condition
The Department does not have adequate internal controls to guard against overpayments. Data entry errors by caseworkers and other staff led to the overpayments. In all but five cases, the overpayments were not detected during departmental reviews.

Effect of Condition
Funds processed through the system are susceptible to loss because the Department cannot identify overpayments to providers in a timely manner.

Recommendation
We recommend the Department: Strengthen reviews of Social Services Payment System payments to help prevent future overpayments. Pursue recovery of overpayments.

Departments Response
Aging and Disability Services Administration: The department agrees that payment of $4,065.75 in excess benefits occurred without the proper pre-approval for these non-standard benefits. The Aging and Disability Services Administration, Division of Developmental Disabilities (DDD) Management Meeting to be held June 8, 2007 includes an agenda item to review Exception to Rule (ETR) requirements and process. When the DDD Case Management Information System (CMIS) rolls out statewide on March 30, 2008, it will include electronic processing and tracking of all ETRs, giving managers the ability to monitor and assess ETRs statewide. Childrens Administration: The Childrens Administration (CA) concurs with the finding that internal controls were not adequate to avoid overpayments, and that in certain instances sufficient documentation to support payments made were not retained in the files on site. The procedures used by the CA staff are being reviewed and updated to address the internal control weaknesses identified in this audit. Areas such as segregation of duties, consistency in the audit, and review of payments are the primary areas of focus. CA is currently in the process of developing a new case management system (SACWIS) and we expect this to help us in many areas concerning the control of payments. Work to update the procedures will be done on a collaborative basis and coordinated with all 6 regions in order to address the many structural variations that impact internal controls.

Washington State Auditors Office 14

Much of this effort acknowledges areas identified in the Administrations self evaluation process and works to address them consistently. There are several independent issues leading to the internal control weaknesses identified and the timeframe for addressing each of them vary, with some being addressed as early as June of 2007 and the latest by November 2007. Of the 10 overpayments discovered totaling $3,283.43 all 10 have been submitted to the Office of Financial Recovery. Economic Services Administration Response: The Economic Services Administration (ESA) concurs with the finding. ESAs Division of Employment and Assistance Programs (DEAP) strengthened the reviews of Social Service Payment System (SSPS) payments by instituting mandatory monthly audit requirements at the Community Service Office level. These audits, implemented in July 2006, are performed by Child Care Supervisors or Leadworkers. In addition, Administrative Services Division staff has also provided training to local office and region office staff on the use of SSPS reports to identify overpayments in a timely manner. DEAP will continue to emphasize the importance of payment accuracy and ensure training is provided to staff regarding the correct coding and processing of overpayments. DEAP will ensure regions know the availability of the SSPS training and request training as needed for staff. DEAP staff reviewed the nine questioned cases identified in the SAO audit and has taken the following actions: The 3 duplicate payments cases were reviewed and corrected; respective overpayments have been established. Of the 6 cases with payments that exceeded the maximum allowed 4 were determined to be correct but lacked the proper coding justifying the payment. The coding has been corrected. Overpayments have been established for the remaining 2 cases incorrectly billed by providers.

Auditors Concluding Remarks

We thank the Departments administrations for their responses and attention to addressing the conditions noted. We will review the status of these issues during our next audit.

Applicable Laws and Regulations

The Office of Financial Managements State Administrative and Accounting Manual, Section 20.20.20.a, states: Each agency director is responsible for establishing and maintaining an effective system of internal control throughout the agency.

Washington State Auditors Office 15

Schedule of Audit Findings and Responses

State of Washington Department of Social and Health Services
4. The Department of Social and Health Services, Division of Child Care and Early Learning, did not perform adequate monitoring for background checks. Background
The Departments Child Care Program licenses and pays child care centers and family home child care providers for services to eligible families. Approximately 9,000 child care providers are licensed in Washington State; the state pays approximately $256 million to these providers each year. Licensed applicants, and anyone 16 or older who will have unsupervised or regular access to children in care, are required to undergo a criminal background check. This includes assistants, volunteers and members of the applicants household. A Criminal Background Check Authorization form must be completed and is used to check whether these individuals have criminal backgrounds that would disqualify them from becoming licensed child care providers, associates or volunteers. Applicants are not licensed if household members or others with access to children being cared for are found to have disqualifying criminal backgrounds. On the form, the person is required to document his or her current name, date of birth and other names by which he or she has been known. Provision of a Social Security number is optional. The forms are sent to the Departments Background Check Central Unit. The Unit enters the data provided into a Department database, which draws information from the Washington State Patrols criminal history database and from the Department. The Patrols database includes only Washington arrests; therefore, a search of this database does not provide criminal background information from other states. Individuals can be included in the Patrols database for several reasons: When someone is arrested in Washington State, the arrest cards (including fingerprints) are sent to the Patrol. After the fingerprints have been searched and verified, the Patrol enters this data into the criminal history database. Once final disposition of the case is made, it is entered into the Washington Identification System. Fingerprints of all Washington State criminal justice employee applicants are entered into the criminal history database. Convicted sex and kidnapping offenders are required to register with the sheriff in their county of residence. The requirement to register includes offenders who move into Washington from another state. County sheriffs send these fingerprints and photographs to be entered by the Patrol into the criminal history database. The Patrol allows individuals meeting certain criteria to provide their own personal identification fingerprint cards to the Patrol for inclusion in the database.

Washington State Auditors Office 16

If a person reports residency in Washington State for more than three years, the background search does not require a fingerprint check. The Background Check Unit conducts the search in the Patrols criminal history database by using the name and date of birth given by the applicant. Other elements can match, such as Social Security numbers; however, the primary search is based on name and date of birth. Matches, if any, produce a Report of Arrest and Prosecution sheet that shows the criminal history record for this person. Sometimes this sheet includes a State Department of Corrections number that the Background Unit will research. If the Background Unit finds that the person did not commit a crime in Washington State, yet has a Corrections number, it may indicate the person has been imprisoned or is under Corrections supervision in this state for a crime committed in another state. If a person reports residency in Washington State for less than three years, state law gives the Department authority to require a fingerprint-based background check. The Background Unit forwards these fingerprints to the State Patrol. The Patrol performs a statewide search by comparing the fingerprints on the fingerprint card to the fingerprints in the Identification System. The fingerprints are forwarded electronically, by the Patrol, to the Federal Bureau of Investigation (FBI) for a nationwide search. The FBI forwards its search results electronically to the Patrol, which then switches them to the Background Unit. The statewide search results are mailed by the Patrol to the Background Unit. The Patrol and FBI search results are entered into the Departments Background Check Central Unit database as received. The results are mailed to the Division licensors. In our fiscal years 2003 and 2004 State Accountability Reports and the 2005 Department report, we reported weaknesses in the background check process. For the period under audit, this program was administered by the Departments Economic Services Administration. On July 1, 2006, administration of this program was taken over by a newly created agency, the Department of Early Learning.

Description of Condition
To follow up on previous audit weaknesses, we visited seven child care centers, licensed and paid by the Division. The centers had 17 locations that provide child care services. We requested documentation showing that criminal background checks had been done for the 242 employees of the child care centers we reviewed. We found: No current background check for 40 employees. 179 employee files had not been reviewed by a licensor during the past three years to determine if a background check had been completed. Files for 23 employees were reviewed repeatedly by a licensor rather then new files being chosen to verify if a background check had been done.

Cause of Condition
The Department stated licensor monitoring was meant to examine licensees management of the day care center, not necessarily to verify all employees and relatives of the provider had a background check. We were told a licensor would not have enough time to review for other items if he or she had to review every employee file for a current background check.

Effect of Condition
The Department could license and pay child care providers who do not pass background checks.

Washington State Auditors Office 17

Recommendation
We recommend the Department provide training to licensors to ensure monitoring at child care centers includes checking for documentation of criminal background checks and follows up on issues identified to ensure compliance with background check requirements.

Departments Response
Auditors Note: During the audit period, the Division of Child Care and Early Learning was part of the Department. On July 1, 2006, this Division was merged with the Early Childhood Education and Assistance Program (formerly part of the Department of Community, Trade and Economic Development) and the Early Reading Initiative (formerly part of the Office of Superintendent of Public Instruction) to form the newly created Department of Early Learning (DEL). The Department of Early Learning has responded to the audit finding since it will be responsible for corrective action and follow up. DEL Research DEL has carefully analyzed each of the three conditions found. In response to condition #1, DEL researched these 40 cases. Our research came up with the following results: In 5 of the 40 cases cited, employees did submit background checks and were cleared to work unsupervised with children. An additional, unduplicated 5 of the 40 cases cited, the background checks were rejected by DEL requiring the provider to re-submit.

DEL licensing staff also contacted the child care center employers/providers to determine if any of these employees for whom audit conditions occurred were still working. DEL determined the following: The 5 employees, rejected by DEL as noted above, did not continue with the background check process and were no longer employed. One employee, who was identified as name not matching form, did indeed have correct Social Security number and drivers license and was cleared to work unsupervised with children. Child care staff interviewed could not verify that two employees listed by SAO were ever employed by the facility.

In response to audit condition #2, the audit notes that 179 employee files were not reviewed by DEL licensors to determine if a background check had been completed. This is out of 242 files that were reviewed in the audit. This means that DEL reviewed 26% of staff files to check for required information in the paper file. The DEL process for reviewing files on site is for the licensor to either bring a partial list of staff names or randomly select names at the site. This list of staff is used to check employers records and files for completeness. During this review, if files are complete for these staff, it may be that no additional files are checked. If however, there are incomplete files, the licensor writes a compliance agreement documenting the problem and requirements for a solution. The licensor may also choose to review additional files. DEL currently does not prescribe the number or percentage of files to be checked.

Washington State Auditors Office 18

DELs practice has been to randomly sample files to identify facilities with problems keeping accurate records or completing background checks. Even so, DEL has an interest in doing a more complete review of records and has established new electronic systems to support this effort. In response to audit condition #3, files of 23 employees were reviewed repeatedly by a licensor rather than new files being chosen. DEL will address this issue through a policy memorandum and in licensor training. DEL SYSTEM IMPROVEMENTS Training DEL licensing and support staff receives training on conducting background check and character, competency and suitability assessments. This training was provided to all child care licensing staff in October 2004. Since that time, an updated version of the training, to include the DEL Background Check application, was offered to all child care licensing staff in August 2006. This training is also provided on an individual basis to new staff. Please see Attachment A: An overview of background check and character, competency and suitability assessment. Technological Advancements The processing of background checks is initiated by the provider when they hire any employee that will have unsupervised access to the children in care. Upon receipt of a completed background check DEL enters the applicant information on-line via our web service. This electronic processing of background checks was implemented in 2005. This information is transmitted to the DSHS Background Check Central Unit (BCCU). BCCU will then send the background check electronically to Washington State Patrol (WSP) and check the BCCU-CHS database for findings. Results are sent electronically back to DEL, and DEL conducts a character, competency and suitability review beginning by checking the DSHS Childrens Administrations database for child abuse and neglect referrals. Please see Attachment B the BCCU web service process and attachment C the BCCU fingerprint card scanning process. The DEL Background Check Application and Database is a secure system that allows DEL to: Electronically submit subject information to the BCCU. Receive background check results from the BCCU. Associate background check subjects with licensed facilities. Track the background check through the Character, Competency & Suitability (CCS) process. Assign workers throughout the CCS Process. Record information gathered in the CCS Process. Track clearances, disqualifications, and rejections. Record and analyze timeliness of background checks. Query and review past background checks for auditing purposes.

Moving to this automated process has allowed DEL to account for all the background checks submitted by child care providers. Electronic submission to BCCU has greatly reduced turnaround time for DEL, as well as reducing the paper processing load for BCCU employees. The average time to clear a background check has been reduced from two weeks or more to 8.8 days.

Washington State Auditors Office 19

Data from the system can be used in process improvement and resource allocation analysis in order to streamline the process and improve customer service. Search capabilities allows DEL staff to know immediately if a background check has completed for an individual without having to conduct an exhaustive search through paper files. DELS RESPONSE TO RECOMMENDATIONS DEL agrees with the State Auditors recommendation that licensing staff must receive training to ensure that all child care staff with unsupervised access to children have completed background checks. DEL is moving to a more efficient process through the use of DELs Background Check Application (an electronic database) to identify any current employees not in the database during an on-site visit. File reviews can then be conducted to determine whether the center is following the business practice of keeping a record of the background check in the employees file. DEL will take the following action to address the recommendation in this audit: An administrative policy memorandum will be sent to all licensing staff that directs them to record staff names on checklists when conducting licensing or monitoring visits. This memorandum will also provide instructions to licensors on the requirement that they conduct a personnel file review on staff whose files have not been reviewed in a previous licensing or monitoring visit. Licensors will further be instructed to print off names of persons associated with the license from the DEL Background Check application prior to conducting licensing or monitoring visit. Licensors will be trained to compare that list to the licensees payroll list; if staff is not listed, confirm whether or not that staff is required to have a background check. If background check is required, licensors will complete a Facility License Compliance Agreement and follow-up to ensure that background check application is submitted and processed.

Auditors Concluding Remarks

Our audit results are based upon the information and documentation provided and available to us at the time of inquiry. We appreciate the research conducted subsequently by the Department to address the exceptions noted. We thank the Department of Early Learning for its response and commitment to resolving the issues identified.

Applicable Laws and Regulations

The Office of Financial Management Section 85.32.10, states in part: State Administrative and Accounting Manual,

At a minimum, agencies are . . . to establish and implement the following: 1. Controls to ensure that all expenditures/expenses disbursements are for lawful and proper purposes . . . . and

RCW 74.15.030 states in part: The secretary shall have the power and it shall be the secretarys duty: (2) In consultation with the childrens services advisory committee, and with the advice and assistance of persons representative of the various type agencies to be licensed, to adopt and publish minimum requirements for licensing applicable to each of the various categories of agencies to be licensed.

Washington State Auditors Office 20

The minimum requirements shall be limited to: (b) The character, suitability and competence of an agency and other persons associated with an agency directly responsible for the care and treatment of children, expectant mothers or developmentally disabled persons....In order to determine the suitability of applicants for an agency license, licensees, their employees, and other persons who have unsupervised access to children in care, and who have not resided in the state of Washington during the three-year period before being authorized to care for children shall be fingerprinted. WAC 388-296-0180 states: (1) At the time you apply for a license you must submit a completed background check form and finger print card if required to the background check central unit (BCCU) for each person who will have unsupervised access to children in your care. This includes: (a) You; (b) Members of your household sixteen years and older; (c) Staff; (d) Volunteers; and (e) Other persons living at the same address as you. (2) When you plan to have new staff or volunteers, you must require each person to complete and submit to you by the date of hire a criminal history and background check form: (a) You must submit this form to the BCCU for the employee and volunteer, within seven calendar days of the employee's or volunteer's first day of work, permitting a criminal and background history check. (b) The employee and volunteer must not have unsupervised access to the children in care until they have been cleared by a full background check. WAC 388-295-7050 states: (1) Each employee and volunteer who has unsupervised access to a child in care must complete the following forms on or before their date of hire: (a) An application for employment on a form prescribed by us, or on a comparable form approved by the department; and (b) A criminal history and background inquiry form. (2) You must submit the criminal history and background inquiry form to us within seven calendar days of the employee's first day of work. The form authorizes a criminal history background inquiry for that person.

Washington State Auditors Office 21

WAC 388-295-0070, states in part: (1) You, your staff and volunteers must have the following personal characteristics in order to operate or work in a child care facility: (a) The understanding, ability, physical health, emotional stability, good judgment and personality suited to meet the physical, intellectual, mental, emotional, and social needs of the children in care; (b) Be qualified by our background inquiry check prior to having unsupervised access to children. To "be qualified" means not having been convicted of, or have charges pending for, crimes posted on the DSHS secretary's list of permanently disqualifying convictions for ESA. You can find the complete list at: http://www.dshs.wa.gov/esa/dccel/policy.shtml. This includes not having committed or been convicted of child abuse or any crime involving harm to another person . . . . The Department of Social and Health Services, Licensing Methods and Practices Manual, states: Center licensors should monitor facilities annually to determine compliance with WACs. FCC licensors should monitor homes at least once every 18 months to determine compliance with WACs.

Washington State Auditors Office 22

Status of Prior Audit Findings

State of Washington Department of Social and Health Services
The status of findings contained in the prior years audit reports of the Department is provided below: 1. The Department of Social and Health Services does not have adequate internal controls over the processing of expenditures through the Agency Financial Reporting System. Accountability Report, dated April 27, 2006 Status Finding is not resolved. See current year audit Finding 1. 2. The Department of Social and Health Services, Division of Child Care and Early Learning and Childrens Administration, did not perform adequate background checks. Accountability Report, dated April 27, 2006 Status Finding is not resolved. See current year audit Finding 4. 3. The Department of Social and Health Services made unallowable duplicate payments through the Social Services Payment System. Accountability Report, dated April 27, 2006 Status Finding is not resolved. See current year audit Finding 3. 4. The Department of Social and Health Services does not ensure that all recovered overpayments are credited to the appropriate funding source. Accountability Report, dated April 27, 2006 Status The finding is resolved. Our testing revealed the Department had taken corrective action and implemented procedures to correctly credit recovered overpayments. 5. The Department of Social and Health Services does not have adequate internal controls over the Social Services Payment System. Accountability Report, dated April 27, 2006 Status The finding is resolved. Our testing revealed the Department took steps to address the significant majority of weaknesses identified, reducing the risk of inappropriate access or use of the system.
Washington State Auditors Office 23

6.

The Department of Social and Health Services should establish adequate internal controls to ensure that vehicles used to transport clients of supported living services are properly insured. Accountability Report, dated April 27, 2006 Status Finding is not resolved. See current year audit Finding 2.

The status of prior year federal findings, including those related to the Medicaid program, can be found in the 2006 Single Audit Report issued by the Office of Financial Management. A link to that report can be found on our Web site at www.sao.wa.gov.

Washington State Auditors Office 24

Summary of Federal Audit Findings

State of Washington Department of Social and Health Services
The results of our federal audit work are included in a report issued by the Office of Financial Management. Below is a summary of significant conditions identified during the course of that work.
1. The Department of Social and Health Services, Aging and Disability Services Administration, does not ensure providers of home health care services are Medicare certified as required by the Medicaid State Plan. The Department of Social and Health Services is not complying with federal regulations that require people receiving Medicaid benefits to have valid Social Security numbers. The Department of Social and Health Services, Health and Recovery Services Administration, has not established sufficient internal controls to prevent Medicaid payments for services provided after a clients death or to prevent payments for services provided to individuals using the Social Security number of a deceased person. The Department of Social and Health Services, Health and Recovery Services Administration, does not have adequate controls to ensure compliance with Medicaid requirements to identify third parties responsible for payments for pharmaceutical services. The Department of Social and Health Services, Health and Recovery Services Administration, has not established sufficient internal controls to support decisions on the eligibility of clients enrolled in Medicaids Basic Health Plus program. The Department of Social and Health Services, Health and Recovery Services Administration, does not have adequate controls to ensure claims for wheelchairs and wheelchair accessories are properly authorized as required by law. The Department of Social and Health Services, Health and Recovery Services Administration, is not complying with federal requirements to defer Medicaid expenditures related to undocumented aliens as instructed by the Centers for Medicare and Medicaid Services. The Department of Social and Health Services paid providers with Medicaid funds through the Social Services Payment System for services to clients using Social Security numbers belonging to deceased persons. The Department of Health and the Department of Social and Health Services, Health and Recovery Services Administration, are not ensuring compliance with federal law regarding hospital surveys. The Department of Social and Health Services, Aging and Disability Services Administration, does not perform certification surveys of Intermediate Care Facilities for the developmentally disabled according to federal law. The Department of Social and Health Services does not have adequate internal controls to ensure clients seeking to obtain medical benefits through the Medicaid program have applied according to federal regulations. The Department of Social and Health Services, Office of Financial Recovery and Health and Recovery Services Administration, does not have adequate internal controls to ensure that final settlement amounts are refunded to the federal government and in a timely manner.

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

Washington State Auditors Office 25

13.

The Department of Social and Health Services, Health and Recovery Services Administration, has not established internal controls sufficient to ensure payment rates to its Healthy Options managed care providers are based on accurate data. The Department of Social and Health Services does not have adequate controls to ensure home health agencies are licensed, Medicare-certified and have signed Core Provider Agreements as required by law. The Department of Social and Health Services does not have adequate controls in place to ensure providers of durable medical equipment exist, are properly licensed and have submitted accurate information. The Department of Social and Health Services is not adequately reviewing pharmaceutical claims to identify patterns of fraud and abuse. The Department of Social and Health Services has not established effective procedures in all administrations to ensure compliance with the federal Medicaid requirements for reporting adult victims of residential abuse to the Medicaid Fraud Control Unit. The agreement between the Department of Health and the Department of Social and Health Services, Health and Recovery Services Administration, covering hospitals survey activities does not comply with federal requirements. The Department of Social and Health Services, Economic Services Administration, is not in compliance with eligibility requirements for the Temporary Assistance for Needy Families Program. The Department of Social and Health Services, Division of Child Support, is not complying with federal requirements for time and effort reporting for the Child Support Enforcement grant. The Department of Social and Health Services, Division of Child Support, does not have adequate internal controls to ensure compliance with federal reporting requirements for the federal Child Support Enforcement grant. The Department of Social and Health Services and the Department of Early Learning do not have adequate internal controls over direct payments made to child care providers. The Department of Social and Health Services and the Department of Early Learning do not have adequate internal controls in place to ensure only eligible clients receive federal child care subsidies. The Department of Social and Health Services did not comply with federal requirements for suspension and debarment for the Social Services Block Grant. The Department of Social and Health Services, Division of Alcohol and Substance Abuse used federal funds to pay contractors a guaranteed amount above the actual level of service being provided. The Department of Social and Health Services, Economic Services Administration, reimbursed contractors for services that were not adequately supported. The Department of Social and Health Services is not complying with federal requirements for time and effort reporting for the federal Vocational Rehabilitation Program. The Department of Social and Health Services, Division of Disability Determination Services received reimbursement for unallowable costs for the Social Security Disability Insurance Programs. The Department of Social and Health Services, Division of Disability Determination Services charged unallowable costs to Social Security Disability Insurance Programs.

14.

15.

16.

17.

18.

19.

20.

21.

22.

23.

24.

25.

26.

27.

28.

29.

Washington State Auditors Office 26

30.

The Department of Social and Health Services, Division of Disability Determination Services, did not comply with state and federal regulations when contracting for services paid with Social Security Disability Insurance Program funds.

Finding details can be found in the 2006 Single Audit Report issued by the Office of Financial Management. A link to that report can be found on our Web site at www.sao.wa.gov.

Washington State Auditors Office 27