An Audit Report on Financial Reporting and Contracting at the Department of Agriculture
March 2016
Report Number 16-019
Overall Conclusion
The Department of Agriculture's (Department) financial reporting and accounting processes ensured that the financial statements in its fiscal year 2014 Annual Financial Report were accurate and complete. In addition, the Department had processes to ensure that its expenditures were accurately recorded and classified for fiscal year 2014. However, the Department did not consistently maintain documentation to show that it accurately recorded fiscal year 2014 revenue transactions.
In addition, the Department should improve its processes to ensure that it compiles financial data accurately and completely for the Report of Non-Financial Data. That report (which is an annual report that includes information on certain purchases, payments, and budget transfers) was inaccurate and incomplete for fiscal year 2014. The Report of Non-Financial Data is submitted to the Office of the Governor, the Legislative Budget Board, the State Auditor's Office, and the Legislative Reference Library.
The Department should also improve certain key aspects of contract management and controls over information technology. Specifically:
- Contract Management. The Department should improve certain contract management processes. Auditors reviewed the Department's (1) contract for the development of a grant management, procurement, and contracting system and (2) use of the state contract for fuel card services and identified significant weaknesses in the Department's management of those contracts:
- Contract for the development of a grant management, procurement, and contracting system. The Department did not ensure that Periscope Holdings, Inc., to which it awarded a deliverables-based information technology services (DBITS) contract, developed a system that met the Department's specifications. Instead of developing a grant management, procurement, and contracting system as originally planned, Periscope Holdings, Inc. developed only a procurement system (the Contract Award Management and Procurement System, or CAMPS). The Department did not manage each phase of the contract management process (planning, procurement, contract formation, and oversight) in accordance with state procurement requirements and the Department's requirements, which resulted in the Department not receiving the information system that it solicited. Payments to Periscope Holdings, Inc. totaled $450,441 from January 2013 to March 2015.
- State contract for fuel card services. The Department did not consistently ensure that its payments to U.S. Bank, the fuel card services vendor, were accurate and that it made those payments in a timely manner. The Department did not have a standardized process to review invoices for billing errors, report billing errors to U.S. Bank, and apply rebates to payments in a timely manner. The Department paid $2,055,247 for fuel card expenses from September 2012 to December 2014.
- Controls Over Information Technology. Auditors also performed a limited review of general and application controls for three automated systems that supported the financial reporting and accounting processes audited and determined the following:
- CAMPS did not contain adequately designed controls to ensure the reliability of procurement data. In addition, auditors identified certain access control and security weaknesses related to that system.
- The Department's licensing and enforcement system (the Bringing Resources, Integration, and Data Together for Greater Efficiency system, or BRIDGE) contained adequately designed controls to ensure the reliability of licensing revenue transactions entered and processed. However, auditors identified certain access control and security weaknesses related to that system.
- The Department should strengthen user access controls over the Uniform Statewide Accounting System (USAS) to minimize the risk of alteration or deletion of data.
To minimize security risks, auditors communicated details about the user access and security control weaknesses directly to the Department's management.
Auditors communicated other, less significant issues related to accounting processes, contract planning, vendor payments, password settings for selected information systems, and policies and procedures separately in writing to Department management.