FINAL PREL AUDIT GEN'L REPORT - ExecIns AC 12-17-04

Jarak - Iad

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

32 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

S U M M I T C O U N T Y, O H I O B E R N A R D F. Z A U C H A, C P A, M B A, C I A, D I R E C T O R February 1, 2005 Ken Jones Director of Insurance and Risk Management 175 South Main Street Akron, Ohio 44308 Re: Final Report for the Department of Insurance and Risk Management’s Preliminary Audit Dear Mr. Jones: Attached is the final report of the Department of Insurance and Risk Management’s preliminary audit which was discussed with members of senior management on April 30, 2004. In addition, please note that the Department of Insurance and Risk Management’s management action plan was incorporated into the final report. The report was approved by the Audit Committee at its December 17, 2004 meeting at which time it became public record. We appreciate the cooperation and assistance received during the course of this audit. If you have any questions about the audit or this report, please feel free to contact me at extension (330) 643-2655. Sincerely, Bernard F. Zaucha Director, Internal Audit cc: Audit Committee James B. McCarthy INTERNAL AUDIT DEPARTMENT 175 S. MAIN STREET · AKRON, OHIO 44308 – 1308 VOICE: 330.643.2504 · FAX: 330-643-8751 www.co.summit.oh.us DEPARTMENT OF INSURANCE AND RISK MANAGEMENT Preliminary Audit 04-INS- Exec-13 April, 2004 Approved by Audit Committee December 17, 2004 Summit County Internal Audit Department 175 South Main ...

Informations

Publié par	Jarak
Nombre de lectures	7
Langue	English

Extrait

S U M M I T C O U N T Y, O H I O B E R N A R D F. Z A U C H A, C P A, M B A, C I A, D I R E C T O R

February 1, 2005 Ken Jones Director of Insurance and Risk Management 175 South Main Street Akron, Ohio 44308 Re: Final Report for the Department of Insurance and Risk Management’s Preliminary Audit Dear Mr. Jones: Attached is the final report of the Department of Insurance and Risk Management’s preliminary audit which was discussed with members of senior management on April 30, 2004. In addition, please note that the Department of Insurance and Risk Management’s management action plan was incorporated into the final report. The report was approved by the Audit Committee at its December 17, 2004 meeting at which time it became public record. We appreciate the cooperation and assistance received during the course of this audit. If you have any questions about the audit or this report, please feel free to contact me at extension (330) 643-2655. Sincerely, Bernard F. Zaucha Director, Internal Audit cc: Audit Committee James B. McCarthy INTERNAL AUDIT DEPARTMENT 175 S. MAIN STREET∙ AKRON, OHIO 44308 1308 VOICE: 330.643.2504∙FAX: 330-643-8751 www.co.summit.oh.us

DEPARTMENT OF INSURANCE AND RISK MANAGEMENT

Preliminary Audit 04-INS- Exec-13 April, 2004 Approved by Audit Committee December 17, 2004

Summit County Internal Audit Department 175 South Main Street Akron, Ohio 44308

Bernard F. Zaucha, Director Lisa L. Skapura, Assistant Director Dan Crews, Senior Auditor Joseph P. George, Internal Auditor Deanna Calvin, Internal Auditor

I. II. III. IV.

Department of Insurance and Risk Management Preliminary Audit TABLE OF CONTENTS Background. 4

Objectives 5-6

Scope 5

Detailed Comments..... 7-32

- 3-

Department of Insurance and Risk Management Preliminary Audit BACKGROUND

Auditors:Dan Crews, Joseph George and Deanna Calvin Skapura, Lisa Background: ¾ Insurance and Risk Management (IRM) is responsible for all insurance related matters for most of the County’s employees and infrastructure. ¾ IRM monitors and pays claims for incidents involving County vehicles. ¾ and obtaining quotes for the County’s health, life, dental, andIRM is responsible for researching vision insurance. Upon approval by Council, the department oversees those benefits. ¾ offerings to County employees during the benefitsIRM personnel present the County’s insurance election period in November and assist staff with completion of benefits selection documents. ¾ The IRM oversees all infrastructure insurance matters relating to property, casualty and liability insurance for buildings, property, and fixed assets of the County. They work closely with Bob Holland and the Administrative Services Department, to inventory all insured infrastructure of the County, and with the Fiscal Office Finance Department for fixed asset insurance. ¾ IRM oversees insurance on vehicles and buildings of MRDD, CSB (i.e. buses, vans, group homes.) ¾ IRM oversees the workers compensation program for the County. ¾ IRM oversees the Employee Assistance Program for County employees. ¾ IRM oversees the Substance Abuse Program for County employees in conjunction with HRD. ¾ IRM oversees all bonding of public officials and employees.

- 4-

Department of Insurance and Risk Management Preliminary Audit OBJECTIVES AUDIT OBJECTIVES AND METHODOLOGY The primary focus of this review was to provide the Department of Insurance and Risk Management with reasonable assurance, based on the testing performed, on the adequacy of the system of management control in effect for the audit areas tested. Management controls include the processes for planning, organizing, directing, and controlling program operations, including systems for measuring, reporting, and monitoring performance. Management is responsible for establishing and maintaining effective controls that, in general, include the plan of organization, methods, and procedures to ensure that goals are met. Specific audit objectives include evaluating the policies, procedures, and internal controls related to the Department of Insurance and Risk Management. Our review was conducted in accordance with Government Auditing Standards issued by the Comptroller General of the United States and accordingly included such tests of records and other auditing procedures as we considered necessary under the circumstances. Our procedures include interviewing staff, reviewing procedures and other information and testing internal controls as needed to assess compliance with policies and procedures. Based on the results of our review, we prepared specific issues and recommendations for improvement that were discussed with management. These recommendations, as well as management’s written response, can be found in the following sections of this report. Objectives: 1. To obtain and review the current policies and procedures. 2. To review the internal control structure through employee interviews and observation. 3. To perform a general overview of existing contracts in the department. 4. To perform a general overview of the physical environment and security of the facilities, data, records and departmental personnel. Scope: An overview and evaluation of the existing policies, processes, procedures, contracts and internal control structure utilized by the department. Testing Procedures: The following were the major audit steps performed:

- 5-

OBJECTIVE 1 POLICY AND PROCEDURES REVIEW 1. Obtain and review the current policies and procedures. 2. Meet with the appropriate personnel to obtain an understanding of the current department processes and procedures. Compare those existing processes to the policies and procedures manual for consistency, noting all exceptions. 3. Test procedures for mandatory compliance where applicable. 4. Identify audit issues and make recommendations where appropriate. OBJECTIVE 2 REVIEW OF INTERNAL CONTROLS 5. Meet with the appropriate personnel to obtain an understanding of the control environment. 6. Document the existing control procedures in narratives and/or flowcharts. 7. Compare existing processes to the policies and procedures manual for consistency. 8. Test procedures for compliance where applicable, noting all exceptions. 9. Investigate discrepancies and summarize results. 10. Make recommendations where appropriate. OBJECTIVE 3 CONTRACT REVIEW 11. Obtain and review the current operating contracts, i.e., vendor contracts, union contracts, and service contracts. 12. Determine that contracts are current, properly executed, and applicable. 13. Test the contracts for departmental performance, where appropriate, noting all exceptions. OBJECTIVE 4 REVIEW OF SECURITY 14. Perform a general overview of the physical environment and security of the department/ agency being audited. 15. Interview various personnel to determine that confidential information is secure and processed only by appropriate parties. 16. Obtain and review the document retention policy and determine if policies and procedures are currently in place and being followed. 17. Test security issues where appropriate. 18. Analyze current policies and make recommendations.

- 6-

Department of Insurance and Risk Management Preliminary Audit DETAILED COMMENTS It was noted throughout the audit of the Department of Insurance and Risk Management that it appeared that current support staff levels are inadequate in relation to the depth and scope of work necessary to complete the essential functions of this department. I. Policies & Procedures Review: IAD attempted to obtain and review the Department of Insurance and Risk Management Policy and Procedures manual. The following issues were noted: Issue There are no written policies and procedures for the following specific areas and overall: A) The Medical Mutual of Ohio Insurance enrollment procedures B) Workers Compensation Area C) The Voluntary Life Insurance Program D) Summa Health Insurance Program IAD was able to obtain the Substance Abuse Prevention Program Forms & Procedures. Recommendation IAD recommends that the Dept. of Insurance & Risk Management create formal policies and procedures for all facets of the department. These policies and procedures should cover, but not be limited to, areas such as the following: 1) What forms need to be completed. 2) Where the forms should be stored. 3) How to submit the forms. 4) How to process the forms. 5) How to follow up for specific areas. 6) How the policy is to be communicated to other departments. Additionally, employees should sign off indicating that they have read, understand, and agree to abide by them. This sign off sheet should indicate the date of the revision of the policies. Management Action Plan We have been compiling policies and procedures to cover all functions of the County’s Department of Insurance and Risk Management. We have several of the processes already written in draft form that are currently being reviewed to determine if they are appropriate. The goal is to have all procedure implemented and in final form by the end of 2004.

- 7-

II. Internal Control Testing: Internal control testing and/or observations were performed in the following areas: o Personnel Files o Interviews o Voluntary Life Insurance Program o Ohio Bureau of Worker’s Compensation o New Hire Drug Screening o Physician’s Return To Work Certification o Premiums and Claims Payments o Auto Insurance o Contractors/Vendors o Insurance Premium Payment Processing o Summa Insurance Program o Property Test o Workers Comp Injury Rate Comparison o OSHA Testing o Database Review o Prevailing Wages o MMO Insurance PERSONNEL FILES: IAD tested internal controls over personnel files to determine that appropriate documentation was included for each employee file selected. This was performed on all of the employees in the Department of Insurance and Risk Management. Issue Nine out of nine employees do not have a current annual evaluation in their personnel files. This is 100% of the sample. The primary goal of performance evaluations is to provide a process to assess actual performance in relation to goals and expectations. This process should be an ongoing, mutual exchange of information that promotes professional growth and contribution to the Department of Insurance and Risk Management. Recommendation IAD recommends that annual evaluations be performed as required by the Executive Personnel Policies and Procedures Manual. Management Action Plan We will begin to perform annual evaluations of all employees.

8--

INTERVIEWS: To gain an understanding of the Department of Insurance & Risk Management IAD interviewed the following individuals: 1) Sandy Szollosi, Worker’s Compensation Administrator 2) Carolyn Stevenson, Administrative Assistant 3) Linda Davis, Safety and Health Administrator 4) Greg Hartman, Office Manager 5) Keith Clark, Accountant I 6) Edna Borders, Administrative Secretary The following issues were noted: Issue There was individually identifiable information, such as names and social security numbers, on the desk of the Accountant I. His desk is a cubicle located in the common area of the department. Recommendations IAD recommends that the Insurance Dept. provide the Accountant I with file cabinets that can be locked. This will allow the employee to appropriately store his documentation in a secure location. Management Action Plan Now that the construction is completed in our area, Accountant 1 will be moving into a lockable office. We are also purchasing a new Jeter locking file system. Issue The Workers Compensation Administrator maintains Worker’s Compensation files in her office that contain employee medical information. These file cabinets have locks for which she has no key. The Workers Compensation Administrator locks her office when leaving for the day but does not lock the door when leaving for lunch or breaks Recommendations The Department of Insurance & Risk Management needs to replace the locks on the Workers Compensation Administrators’ cabinets so that the security of the files may be maintained at all times. Management Action Plan We have purchased and are currently in the process of installing a new Jeter locking filing system to house our Workers’ Compensation and Health files.

9--

Issue There are no written policies and procedures for the Worker’s Compensation area. Recommendations See recommendation in the Policies and Procedures Review section. Management Action Plan We have been compiling policies and procedures to cover all functions of the County’s Department of Insurance and Risk Management. We have several of the processes already written in draft form that are currently being reviewed to determine if they are appropriate. The goal is to have all procedure implemented and in final form by the end of 2004. Issue Written instructions regarding distributing injury reporting packets to employees have not been communicated to Appointing Authorities since 1997. New injury reporting packets, which instruct employees on procedures to follow in the event they are injured on the job, were printed in 2003. Some, but not all, of the Appointing Authorities were given these packets for distribution to their employees. Recommendations Written instructions should be distributed, along with injury reporting packets, to all Appointing Authorities, directing the department heads to distribute the packets and explain the contents of the packets to the employees. Management Action Plan Various departments have been contacted since approximately 1997, with packets as needed. We will be developing a newer current packet for overall distribution, along with following up on completing the Transitional Work Training Program. Issue There is no policy that details what documents are to be placed in an employee’s worker’s comp file. Recommendations The Worker’s Comp area should maintain a list of documents that are to be included in the employee’s worker’s comp file (FROI form, physician’s release to return to work, etc). Management Action Plan Although the checklist cannot be all-inclusive due to the nature of Workers’ Compensation claims, a list of standard forms, correspondence, etc. will be developed for the files

- 10-

Issue There is no written disaster recovery policy for information or employees. Specifically, beneficiary information would be lost. Recommendations The department needs to create a formal policy and determine what important information would be lost in case of a disaster. Management Action Plan Most of our information is stored both on paper and electronically on the County’s network drives. The network drives are backed up off site. Issue IAD noted that there is a lack of cross training for important countywide programs and paperwork. Recommendations Based on the fact that the Insurance Department does not have any written policies and procedures, IAD recommends that the Insurance Department work on implementing cross training in important areas such as FMLA, life insurance, AFSCME and death benefit claims. Management Action Plan We have been compiling policies and procedures to cover all functions of the County’s Department of Insurance and Risk Management. We have several of the processes already written in draft form that are currently being reviewed to determine if they are appropriate. The goal is to have all procedure implemented and in final form by the end of 2004. VOLUNTARY LIFE INSURANCE PROGRAM: IAD tested internal controls over the Voluntary Life Insurance Program to determine that the appropriate documentation was included for each employee file selected. Twenty employees were selected for testing. The following issues were noted: Issue There are no formal policies and procedures for the Voluntary Life Insurance Program. Recommendations See recommendation in the Policies and Procedures Review section.

- 11 -