Summary of Report 02-066

August 2002

Report Number 02-066

The Criminal Justice Division of the Office of the Governor (Division) does not ensure that its grant recipients spend funds appropriately. The Division and its grantees could not provide evidence to support the appropriateness of an estimated $15.6 million in reimbursements. It also reimbursed certain grantees for unallowable expenditures. Furthermore, the Division cannot ensure the security, accuracy, or integrity of the data in its information systems that track grantee activity and Division expenditures. In fiscal year 2001, the Division made payments on 2,655 individual contracts and spent $150 million on its criminal justice programs.

The Division's Monitoring Procedures Do Not Ensure That Grantees Spend Funds Appropriately

The Division cannot rely on its current monitoring process to provide assurance that grantees are spending funds as intended. The purpose of the monitoring function is to ensure that grantees are reimbursed only for allowable expenditures. We requested support directly from grantees for expenditures that were reimbursed, but grantees could not always provide it. For fiscal year 2001, we estimate that as much as $15.6 million in reimbursements are in question because grantees could not provide the requested support.

Weaknesses in monitoring included inadequate guidelines on what monitors should review, insufficient documentation of monitoring results, and the practice of not monitoring grantees as scheduled. Of all monitoring files tested, 94 percent (49 of 52) did not contain sufficient support or documentation that would allow us to discern how monitors tested grantees' expenditures for appropriateness or made their assessments during the monitoring review. Furthermore, the Division does not have accurate data needed to effectively monitor grantees and reimburse only eligible expenses.

The Division Does Not Ensure the Accuracy, Security, or Integrity of Data in Its Information Systems

Data in the Division's Grant Tracking System (GTS) and Financial Information System (FIS) are not always accurate, secure, or reliable. GTS does not have electronic edit checks to prevent users from deleting data in certain critical fields. GTS also does not have electronic edit checks to detect and correct user errors in a timely manner. Both GTS and FIS are at risk for unauthorized access because of inadequate procedures over the user IDs and passwords used to access the systems. Neither system adequately tracks changes made to system data. Furthermore, GTS does not have a complete definition of the data fields and what they should contain.

Contact the SAO about this report.

Download the PDF version of this report. (02-066.pdf)

HTML Equivalent (utilizing Adobe's PDF Conversion by Simple Form).