Department of Finance
Financial Audit Division
The Office of the Legislative Auditor (OLA) is a professional, nonpartisan office in the legislative branch of Minnesota State government. Its principal responsibility is to audit and evaluate the agencies and programs of state government (the State Auditor audits local governments). OLA's Financial Audit Division annually audits the state's financial statements and, on a rotating schedule, audits agencies in the executive and judicial branches of state government, three metropolitan agencies, and several "semi-state" organizations. The division also investigates allegations that state resources have been used inappropriately. The division has a staff of approximately fifty auditors, most of whom are CPAs. The division conducts audits in accordance with standards established by the American Institute of Certified Public Accountants and the Comptroller General of the United States.

Consistent with OLA's mission, the Financial Audit Division works to:
· Promote Accountability, · Strengthen Legislative Oversight, and
· Support Good Financial Management.
Through its Program Evaluation Division, OLA conducts several evaluations each year and one best practices review.

OLA is under the direction of the Legislative Auditor, who is appointed for a six-year term by the Legislative Audit Commission (LAC). The LAC is a bipartisan commission of Representatives and Senators. It annually selects topics for the Program Evaluation Division, but is generally not involved in scheduling financial audits.

All findings, conclusions, and recommendations in reports issued by the Office of the Legislative Auditor are solely the responsibility of the office and may not reflect the views of the LAC, its individual members, or other members of the Minnesota Legislature.

This document can be made available in alternative formats, such as large print, Braille, or audio tape, by calling 651-296-1727 (voice), or the Minnesota Relay Service at 651-297-5353 or 1-800-627-3529. All OLA reports are available at our Web Site: http://www.auditor.leg.state.mn.us

If you have comments about our work, or you want to suggest an audit, investigation, evaluation, or best practices review, please contact us at 651-296-4708 or by e-mail legislative.auditor@state.mn.us

Audit Participation

The following members of the Office of the Legislative Audit prepared this report:

Claudia Gudvangen, CPA Deputy Legislative Auditor
Jim Riebe, CPA Audit Manager
Jeanine Leifeld, CPA, CISA Audit Manager
Chris Buse, CPA, CISA, CISSP Audit Manager
Michael Hassing, CPA Audit Director
Susan Kachelmeyer, CPA, CISA Team Leader
Mark Mathison, CPA, CISA Team Leader
Patrick Ryan Team Leader
Ching-Huei Chen Auditor
John Hakes, CPA Auditor
Marisa Isenberg Auditor
Susan Mady Auditor
David Massaglia Auditor
Kristen Poore Auditor
Karen Dee Intern

Exit Conference

We discussed the findings and recommendations in this report with the following representatives of the Department of Finance at the exit conference held on March 4, 2003:

Dan McElroy Commissioner
Anne Barry Deputy Commissioner
Jean Henning Chief Information Officer
Lori Mo Assistant Commissioner, Accounting Services
and Information Technology
Barb Ruckheim Financial Reporting Director
Pete Mauer Financial Reporting Supervisor
Ron Mavetz General Ledger Division
Ron Gates Technical Services Division

Report Summary

Key Audit Conclusions:

· We issued an unqualified audit opinion, dated December 6, 2002, on the State of Minnesota's basic financial statements for the year ended June 30, 2002. In accordance with Government Auditing Standards, we also issued our report, dated December 6, 2002, on our consideration of the State of Minnesota's internal control over financial reporting and our tests of compliance with certain provisions of laws, regulations, contracts, and grants. In March 2003, we will issue our report on compliance with requirements applicable to each major federal program and internal control over compliance in accordance with the U.S. Office of Management and Budget's Circular A-133.

Key Findings:

· The Department of Finance did not properly secure access to the databases and queries used to prepare the state's financial statements. Limiting security clearances is an important control to prevent unauthorized changes to the data that underlies the state's financial statements. Without appropriate security controls, unauthorized data changes could lead to costly delays in the financial statement preparation process. Unauthorized data changes could also diminish the integrity of information that the department uses to make important financial reporting decisions. (Finding 1, page 3)

· The Budget Division and Accounting Services Division published different budget reports that require reconciliation. The department's preliminary budgetary financial statements also contained errors and omissions that resulted in audit adjustments. We recommended that the department search for ways to modify its budgetary financial reporting practices to reduce the differences and minimize confusion and perform analytical reviews to identify errors and omissions in preliminary budgetary financial statements. (Finding 2, page 4)

· The department did not ensure the accuracy and completeness of financial information received from other state agencies for inclusion in the state's financial statements. We made several audit adjustments related to this financial activity. Left uncorrected, these types of transactions have the potential to negatively impact the accuracy of the state's financial reporting process. (Finding 3, page 5)

Management letters address internal control weaknesses and noncompliance issues we identified during our audit of the state's financial statements and federally funded programs. The scope of our work in the Department of Finance was limited to those activities administered by the department that were material to the State of Minnesota's basic financial statements and administration of federal financial assistance programs for the fiscal year ended June 30, 2002. The audit focused primarily on preparation of the state's basic financial statements as well as certain of the department's statewide financial management responsibilities relating to cash and debt management and the state's accounting system. The department's response to our recommendations is included in the report.

Senator Ann H. Rest, Chair
Legislative Audit Commission

Members of the Legislative Audit Commission

Mr. Dan McElroy, Commissioner
Department of Finance

We have performed certain audit procedures at the Department of Finance as part of our audit of the basic financial statements of the State of Minnesota as of and for the year ended June 30, 2002. We also audited the state's compliance with applicable requirements governing the administration of federal awards for the year ended June 30, 2002, as described in the U.S. Office of Management and Budget's Circular A-133 Compliance Supplement. We emphasize that this has not been a comprehensive audit of the Department of Finance.

The Department of Finance is responsible for statewide financial planning and reporting. The department prepares the Comprehensive Annual Financial Report that contains the state's basic financial statements. The department also prepares the Financial and Compliance Report of Federally Assisted Programs (Single Audit report) each year. The department manages the state's main accounting systems, coordinates the sale of state general obligation bonds, enters into master lease purchase agreements for state agencies, processes payments of some appropriations and grants, and provides guidance to other state agencies in areas of financial management.

We conducted our audit in accordance with auditing standards generally accepted in the United States of America and the standards applicable to financial audits contained in the Government Auditing Standards, issued by the Comptroller General of the United States of America.

Conclusions

We issued an unqualified audit opinion, dated December 6, 2002, on the State of Minnesota's basic financial statements for the year ended June 30, 2002. In accordance with Government Auditing Standards, we also issued our report, dated December 6, 2002, on our consideration of the State of Minnesota's internal control over financial reporting and our tests of compliance with certain provisions of laws, regulations, contracts, and grants. In March 2003, we will issue our report on compliance with requirements applicable to each major federal program and internal control over compliance in accordance with the U.S. Office of Management and Budget's Circular A-133.

As a result of our financial statement audit, we identified some internal control weaknesses over financial reporting that we discuss in the following findings.

1. The financial reporting unit did not properly secure the financial statement preparation databases and queries.

Some financial reporting employees had unnecessary clearance to the data and computer programs that are used to prepare the Comprehensive Annual Financial Report. Limiting security clearances is an important control to prevent unauthorized changes to the data that underlies the state's financial statements. Without appropriate security controls, unauthorized data changes could lead to costly delays in the financial statement preparation process. Unauthorized data changes could also diminish the integrity of information that the department uses to make important financial reporting decisions.
The department used a financial reporting software package along with several different databases and queries to prepare the state's financial statements. We assessed security controls over these financial reporting components and found some employees with inappropriate clearances and others that shared accounts and passwords. We also found the department did not secure one powerful database administration account. The following is a synopsis of the security concerns that came to our attention:

· Twenty-two employees could make changes to the databases that were used to gather and reformat statewide accounting system financial information. Some of these employees may have needed read-only access to the databases to fulfill their job duties. However, very few employees needed clearance to modify the financial reporting data or the underlying extraction queries.

· Thirteen employees could modify the worksheet that the department used to generate the camera-ready financial statements. The department designated specific employees to make all changes to this worksheet because it contains complex formulas that interact with the financial reporting software. However, other employees could easily circumvent these change control procedures.

· Two employees shared a powerful account that was used to administer the financial reporting software. This administrative account had complete and unfettered access to all financial reporting data, including the chart of accounts.

· All employees in the financial reporting unit shared an account to access a financial reporting information warehouse (referred to as "Idata"). This shared account gave the employees the ability to update or delete the Idata information, even though such clearance was not necessary.

· The department did not assign a password to one extremely powerful database administration account. This account had complete access to all data underlying the financial reporting software. When questioned, the department took immediate action to remedy this security weakness.

Assigning unique accounts and passwords to all employees is important because it provides organizations with a mechanism to identify the person who initiated each transaction. Sharing passwords is always unacceptable because it destroys individual accountability. Once a password has been shared, it is virtually impossible to identify who initiated a specific computerized transaction.

Recommendations

· When granting access to the financial reporting databases and queries, the department should give employees the minimum clearance necessary to perform their job duties.

· The department should prohibit employees from sharing passwords.

2. The department published different budgetary financial reports that require reconciliation and had errors and omissions in its preliminary budgetary financial statements.

The Budget Division and the Accounting Services Division each publish separate budgetary financial reports for funds with legally adopted budgets. Each division's reports outlines the projected revenues, expenditures, and undesignated balance of each fund. By design, the two divisions do not always use the same criteria to account for financial events. As a result, the same fund often had a different undesignated balance in each division's budgetary report.

For the most part, each division produces its budgetary reports independently. The Budget Division publishes a Biennial Operating Budget several times throughout the fiscal year. At the end of the fiscal year, the Budget Division then adjusts its estimates to reflect the actual financial activities that occurred. The Accounting Services Division publishes projected and actual budgetary data in the state's Comprehensive Annual Financial Report (CAFR) and its Legal Level of Budgetary Control (LLBC) report. When questioned, Accounting Services Division employees told us that they produce their own budgetary financial reports because those produced by the Budget Division do not contain the necessary level of detail for financial reporting purposes.

Our audit identified significant differences between the two divisions' budgetary reports. For example, in its final fiscal year 2002 Biennial Operating Budget, the department reported a budgetary fund balance of $205 million for the Trunk Highway Fund. This balance was 26 percent lower than the actual ending fund balance reported in the state's CAFR. Other funds had significant differences as well. We asked the department to investigate selected variances and learned that each division uses different criteria to account for certain financial activities. For example, long-term government projects are typically encumbered in the state's accounting system when contracts are executed. The Budget Division counts all of the anticipated contract payments as expenditures in the year when the contract is encumbered. However, the Accounting Services Division recognizes the expenditures over the life of the project, as contractors are paid. We also learned that each division records fund balance reservations differently. Adopting consistent budgetary financial reporting practices throughout the department could help alleviate the confusion between the two types of budgetary reports.

Finally, our audit identified many errors and omissions that required adjustments to the department's preliminary budgetary financial statements contained in the CAFR and the LLBC report. For example, we identified $152 million that was omitted from the General Fund's original budget. We detected the error by comparing the preliminary budgetary financial statements to the Biennial Operating Budget. In addition, we made adjustments to remedy inaccurate reservations of fund balance in several funds, and to remove reservations that had no legal basis. We also made adjustments to the Natural Resources Fund budgetary statements because the department did not include financial information for certain aspects of the fund's financial activities. A more effective use of analytical review procedures, including a comparison of last year's financial statements to the current year's preliminary financial statements and other sources of information, could help the department identify these types of errors and omissions.

Recommendations

· The department should search for ways to modify its budgetary financial reporting practices to reduce the differences and minimize confusion.

· The department should perform analytical review procedures to identify potential errors and omissions in its budgetary financial statements.

3. The financial reporting unit did not ensure the accuracy and completeness of some financial information provided by other state agencies for inclusion in the state's financial statements.

The Department of Finance did not adequately monitor some financial information provided by other state agencies for external financial reporting. We adjusted the financial statements for several types of financial reporting inaccuracies involving accounts payable, revenues and associated accounts receivable, and errors with financial statements prepared by other state agencies.

In the past two years, new accounting principles have significantly impacted external financial reporting for governments. The new accounting principles significantly changed the way governments account for grant activity and how governments present external financial statements. The Department of Finance oversees and coordinates the reporting of financial activity by informing state agencies of applicable accounting requirements, providing checklists and memorandums documenting the requirements, and by analyzing various financial transactions recorded on the state's accounting systems. We found, however, the following errors and omissions in the information provided by certain state agencies. Left uncorrected, these types of transactions have the potential to impact the accuracy of the state's financial reporting process.

· We noted several concerns with the financial information submitted by the Minnesota Department of Transportation (MnDOT):

--MnDOT understated accounts payable in the county highway and municipal street state aid funds by $23.7 million. MnDOT records the payments in a subsystem so that relevant information is not available in the state's primary accounting system for financial reporting. The department needs to adjust the financial statements to accurately record these payments.

--MnDOT incorrectly reported $13.6 million in revenues in its fund financial statements. This error resulted in these revenues erroneously being reported on the Government-wide Statement of Activities as other general revenue rather than program revenues of the Transportation or Public Safety and Corrections Functions.

--MnDOT incorrectly included state funded projects in its calculation of federal aid receivables.

· The Department of Human Services (DHS) did not recognize accounts receivable in accordance with applicable accounting principles, and did not categorize its receivables in a way to facilitate financial reporting. For example, DHS erroneously recognized accounts receivable when it sent out invoices for surcharges to hospitals and health maintenance organizations rather than when the underlying economic event (when the organization earned the revenue) occurred. The department also did not consistently recognize accounts receivable for benefit recoveries, even after a legal claim had been established. In addition, the department's accounts receivable reports had several inaccuracies and did not provide enough detail to allow for proper presentation in the state's financial statements.

· Children, Families & Learning continued to incorrectly report some expenditure transactions on the state's accounting system. The errors resulted in audit adjustments totaling over $8 million to prevent an understatement of liabilities on the state's financial statements. Since the additional liabilities would have been offset by recognizing federal aid receivables associated with those transactions, the fund balance would not have been affected.

· The preliminary financial statements prepared by the Iron Range Resources and Rehabilitation Agency (IRRRA) for the Giants Ridge Golf and Ski Resort had certain fundamental problems. The cash balance on the financial statements did not reconcile to the state's accounting system and included other IRRRA activity. Although the IRRRA had compiled financial information for Giants Ridge in the past, the financial reporting requirements for the fund changed with the implementation of the new governmental accounting principles this year. The Department of Finance could have averted these problems if it had determined earlier that the financial activity recorded on the state's accounting system did not support the agency prepared statements.

The Department of Finance delegates responsibility to all state agencies for the proper reporting of financial activity in accordance with generally accepted accounting principles. Finance is, however, ultimately responsible for the accurate presentation of the information in the state's financial statements.

Recommendation

· The Department of Finance needs to work with certain state agencies to improve the accuracy of the financial information submitted for external financial reporting.

This report is intended for the information of the Legislative Audit Commission and the management of the Department of Finance. This restriction is not intended to limit the distribution of this report, which was released as a public document on March 13, 2003.

/s/ James R. Nobles /s/ Claudia J. Gudvangen

James R. Nobles Claudia J. Gudvangen, CPA
Legislative Auditor Deputy Legislative Auditor

End of Fieldwork: January 31, 2003

Report Signed On: March 11, 2003

Status of Prior Audit Issues
As of January 31, 2003

March 21, 2002, Legislative Audit Report 02-20 examined the department's activities and programs material to the State of Minnesota's Comprehensive Annual Financial Report and the Single Audit for the year ended June 30, 2001. The financial statement scope included cash and debt management, capital assets, and various loan programs. The Single Audit scope covered compliance with federal requirements relating to cash management and statewide indirect costs. In addition, we reviewed internal controls over selected administrative operations of the department, including payroll, computer system services, purchases of supplies and equipment, and non-operating grants and claims. The report did not contain any findings required to be reported under Government Auditing Standards.

State of Minnesota Audit Follow-Up Process

The Department of Finance, on behalf of the Governor, maintains a quarterly process for following up on issues cited in financial audit reports issued by the Legislative Auditor. The process consists of an exchange of written correspondence that documents the status of audit findings. The follow-up process continues until Finance is satisfied that the issues have been resolved. It covers entities headed by gubernatorial appointees, including most state agencies, boards, commissions, and Minnesota state colleges and universities. It is not applied to audits of the University of Minnesota, any quasi-state organizations, such as the metropolitan agencies, or the State Agricultural Society, the state constitutional officers, or the judicial branch.