Auditor General releases State of Rhode Island Single Audit Report for Fiscal 2020
The annual Single Audit of the State of Rhode Island for the fiscal year ended June 30, 2020, resulted in 72 findings related to the administration of federal programs and the State’s key financial operations. Expenditures funded from federal sources increased dramatically in Fiscal 2020 due to assistance made available in response to the global COVID-19 pandemic. Expenditures from COVID-19 related funding in fiscal 2020 totaled more than $1.4 billion – more than $1 billion for unemployment benefits.
The Single Audit Report, prepared by Auditor General Dennis E. Hoyle, was recently released by the Joint Committee on Legislative Services. The annual audit is required by both State and federal law as a condition of continued federal assistance.
The Single Audit Report also includes a detailed schedule of federal award expenditures and reports outlining internal control deficiencies and noncompliance relating to financial reporting and the administration of federal programs. The report includes the State’s financial statements which were previously communicated in the State’s Fiscal 2020 Annual Financial Report.
Federal assistance consists of both direct cash and noncash awards (e.g., loan and loan guarantee programs and donated food commodities). Federal assistance is received under a wide variety of more than 450 individual programs. Many programs are jointly financed with federal and state funding. Medicaid is the single largest program with fiscal 2020 expenditures totaling approximately $2.9 billion – the federal government shared $1.7 billion of that cost.
The auditors previously communicated (in a separate report released in April 2021) 25 findings related to the State’s controls over financial reporting. A link to that separate report, which also includes 19 management comments (not included in the single audit report) is shown below:
http://www.oag.ri.gov/reports/2020_FinStmt_FindingsMC.pdf
The auditors reported that controls over final centralized approval of expenditures funded by the Coronavirus Relief Fund (CRF) should be improved. Questioned costs were identified by an internal monitoring audit for Workforce Stabilization Loans made to congregate care providers who could not demonstrate the funds were used in accordance with loan agreements. These amounts are in the process of being recouped from providers.
Controls over the processing of unemployment insurance claims are ineffective to sufficiently prevent fraudulent unemployment insurance benefit payments. The Department of Labor and Training’s (DLT) current estimate of known or suspected fraudulent benefits paid during fiscal 2020 is $171 million.
Controls within RIBridges (the integrated eligibility system used to administer multiple federal benefit programs) are inadequate to ensure that user access is limited to only authorized individuals and such access is consistent with each user’s specific scope of duties. Additionally, automated password change controls were not operational, and therefore, users were not required to change passwords at required intervals.
The Executive Office of Health and Human Services, the Department of Human Services and the Division of Information Technology must enhance systems security oversight over systems used to administer multiple federally funded programs to fully comply with federal regulations relating to ADP risk and system security review. The plan must be sufficiently comprehensive and include timely reaction to and consideration of identified security issues and risk factors.
The State did not materially comply with Children’s Health Insurance Program eligibility requirements during fiscal 2020 – RIBridges is not fully evaluating all eligibility criteria to ensure compliance with federal regulations. The State did not materially comply with Medicaid eligibility requirements due to control deficiencies relating to the processing and documentation of recipient eligibility.
The State should improve controls to ensure that its managed care organizations (MCOs) are maximizing third party liability insurance recoveries for Medicaid recipients.
The auditors questioned costs totaling $5.5 million related to retainer payments made to certain providers that did not comply with Medicaid State Plan requirements.
Data discrepancies exist between the systems used to determine Medicaid and CHIP eligibility (RIBridges) and the claims/capitation payment system (MMIS). This impacts controls to ensure payments are only made on behalf of eligible individuals and has resulted in duplicate capitation payments to managed care organizations.
EOHHS should adopt stricter settlement requirements when performing contract settlement for its MCOs. Capitation payments to MCOs represent approximately 55% of Medicaid benefit expenditures. EOHHS needs to develop a comprehensive risk assessment and monitoring plan to ensure that managed care expenditures are validated and settled each contract period. The State is also not currently in compliance with federal regulations for the screening, enrollment, and revalidation of providers used in MCO networks.
Claims for HIV drugs were paid through the AIDS Drug Assistance Program rather than Medicaid when the program participant had established Medicaid eligibility. Approximately $500,000 in pharmacy claims should have been paid through Medicaid. Pharmacy rebates and related expenditures should be accounted for as federal funds consistent with program guidelines and requirements.
The State can improve compliance with TANF eligibility requirements specifically by ensuring consistent documentation of eligibility components within RIBridges. The State began to meet the required Income Eligibility and Verification System requirements in fiscal 2020.
Multiple programs had findings related to the need to review and consider Service Organization Control reports when vendors perform elements of program administration. Similarly, subrecipient monitoring activities can be improved for multiple programs. Many federally funded programs provide funding to subrecipients and the State must have monitoring procedures to ensure they comply with the same federal program requirements.
Management’s response and planned corrective actions are included within the Single Audit Report. A Summary Schedule of Prior Audit Findings, which reports the status of findings from prior audits, is also included.
The State’s Single Audit Report was submitted to the Federal Single Audit Clearinghouse – this data is then made available to all federal funding agencies. The Single Audit Report and related Audit Summary are available on the Office of the Auditor General’s website:
http://www.oag.ri.gov/reports/SA_RI_2020.pdf
http://www.oag.ri.gov/reports/SA_RI_2020_Summary.pdf