Audit of the Essex Sheriff’s Department
August 27, 2018 · Essex Sheriff’s Department · Read the full official report on mass.gov ↗
source
“In this audit, we reviewed the adequacy of SDE’s internal control plan (ICP); compliance with the requirements of Chapter 647 of the Acts of 1989 regarding the reporting of any unaccounted-for variances, losses, shortages, or thefts of funds or property to OSA; budgeting and procurement practices; cash receipts and expenditure practices; and the reconciliation process for the Police Detail Fund (PDF), Civil Process Enterprise Fund, Inmate Benefit Canteen Fund, and inmate accounts.”
Read the plain-English breakdown
This is a performance audit of the Essex Sheriff's Department covering July 1, 2015 through December 31, 2016.
“I am pleased to provide this performance audit of the Essex Sheriff’s Department.”
The newly elected sheriff asked for a transition audit to understand the department and identify areas needing fixes after taking office.
“SDE’s newly elected Sheriff, who was sworn in on January 4, 2017, requested this transition audit.”
The findings matter because weak records and controls make it harder to know whether public money was spent fairly, properly, and at good value.
“As a result, the Commonwealth cannot be certain that these procurements were conducted openly and fairly or that SDE obtained these goods and services at the best possible value.”
For residents, this report is about whether a public agency that runs jails, inmate programs, civil process work, and public safety functions is managing tax dollars and other funds responsibly.
“SDE is responsible for running and overseeing all aspects of its facilities, which include its administrative office in Middleton; the Essex County Correctional Facility in Middleton; the Correctional Alternative Center in Lawrence; the Women in Transition Center in Salisbury; and three Offices of Community Corrections in Lawrence, Salisbury, and Lynn.”
The department had repeated weaknesses in financial controls and documentation, but the audited agency said it had begun making changes under the new administration.
“The conclusions reached in this report refer to office operations in effect during the previous administration.”
The report recommends that the department improve procurement files, update its internal control plan, report losses promptly, track assets annually, separate financial duties, document spending approvals, and tighten police detail operations.
“SDE should develop policies addressing all business functions of PDF operations, including the collection of an administration fee from all hiring entities to ensure that it charges them enough to support PDF operations.”
The audit found problems large enough to affect more than $1 million in purchasing documentation and raised concerns about whether the department could properly protect funds, assets, and operations.
“SDE had inadequate documentation regarding the procurement of $1,035,383 in goods and services.”
An internal control plan is the department's written system for identifying risks and setting procedures to prevent mistakes, misuse, fraud, or poor management.
“SDE did not develop an internal control plan (ICP), an agency-wide document that summarized risks and controls for all of its business processes, in accordance with state guidelines.”
7 figure(s) pending source verification - not shown
What the Auditor checked
- Did not comply Has SDE developed an internal control plan (ICP) that is consistent with the requirements of the Office of the State Comptroller’s (OSC’s) Internal Control Guide?
- Did not comply Did SDE comply with Chapter 647 of the Acts of 1989 by reporting all instances of unaccounted-for variances, losses, shortages, or thefts of funds or property to OSA?
- Did not comply Did the incoming Sheriff have sufficient appropriated funds remaining to properly fund operations and inmate services and programs for the rest of fiscal year 2017?
- Did not comply Did SDE ensure that purchased goods and services that totaled $10,000 or more from a single vendor in a single fiscal year were procured in compliance with its procurement policy?
- Did not comply Were SDE’s business activities that were related to the Civil Process Enterprise Fund (CPEF) self-sufficient, and did they comply with SDE’s cash receipt and disbursement policies and procedures?
- Did not comply Did SDE comply with its cash receipt and disbursement procedures for the Inmate Benefit Canteen Fund (IBCF) to ensure that funds were used for inmates’ benefit?
- Complied Were SDE’s inmate account balances reconciled as of December 31, 2016?
What the Auditor found
Why it matters: The Commonwealth could not be certain that procurements were open and fair or that SDE obtained the best possible value.
Standard: SDE’s Policy Governing the Procurement of Commodities and/or Services ( Section .06 of SDE’s Policy Governing the Procurement of Commodities and/or Services; Section .07(2) of SDE’s Policy Governing the Procurement of Commodities and/or Services; Section .05(11) of SDE’s Policy Governing the Procurement of Commodities and/or Services )
2 recommendations
- SDE’s Procurement Department should complete all SDE purchases and complete and maintain required procurement-file records, including evidence of bids or Competitive Procurement Exception Explanation Forms.
- SDE should communicate its procurement policy to all staff members and ensure that all employees who initiate purchases receive training on procurement compliance.
Agency response & Auditor reply
Agency: "Corrective action includes having hired a new seasoned Procurement Director who brings extensive experience in CommBuys, large-scale procurements, and internal control compliance."
Auditor: "Based on its response, SDE is taking measures to complete and maintain required procurement-file records, but it should also ensure that staff members are aware of its procurement policy and that all employees who initiate purchases receive training on procurement compliance."
Why it matters: Management could not measure, prioritize, and manage risks to achieving SDE’s mission.
Standard: OSC’s Internal Control Guide and COSO enterprise risk management framework ( OSC’s June 2015 Internal Control Guide )
2 recommendations
- SDE should request training from OSC on how to properly complete an ICP.
- SDE should develop and implement a policy requiring that its ICP be updated annually based on a current department-wide risk assessment and address all components of ERM.
Agency response & Auditor reply
Agency: "SDE’s intention is to compile a thorough and robust ICP that encompasses input from all disparate business areas within the department, to identify and prioritize risk within the organization, not just from a fiscal perspective, but to include all operational exposures."
Auditor: "Based on its response, SDE is taking measures to ensure that it properly completes an ICP, but it should also develop and implement a policy requiring that the ICP be updated annually, in addition to submitting the Internal Control Questionnaire annually."
Why it matters: OSA could not review the matter, determine the circumstances or internal control weakness, or make recommendations to reduce future losses.
Standard: Section F of Chapter 647 of the Acts of 1989 ( Section F of Chapter 647 of the Acts of 1989 )
2 recommendations
- SDE should establish a policy detailing a process for filing a timely report with OSA for all shortages or thefts of funds or property.
- SDE should ensure that all personnel are properly trained and aware of the Chapter 647 reporting requirement for all shortages or thefts of funds or property.
Agency response & Auditor reply
Agency: "While SDE completed a well-documented Internal Affairs investigation into this referenced loss, SDE did indeed neglect to report this isolated incident."
Why it matters: SDE could not ensure that assets were safeguarded against loss, theft, and misuse.
Standard: SDE’s internal control plan and OSC Fixed Assets—Accounting and Management Policy ( Asset Management section of SDE’s ICP; OSC Fixed Assets—Accounting and Management Policy )
3 recommendations
- SDE’s management should ensure that its inventory staff is trained on fixed-asset policies and procedures.
- SDE should conduct an annual physical inventory of all assets and complete reconciliations of the annual physical inventory results to its asset records.
- SDE’s Fiscal Department should maintain a complete record of all SDE assets on file.
Agency response & Auditor reply
Agency: "Since this audit, SDE has updated and created an all-inclusive and whole-department inventory of assets."
Auditor: "Based on its response, SDE is taking measures to maintain a complete record of all its assets on file and conduct an annual physical inventory, but it should also ensure that its inventory staff is trained on fixed-asset policies and procedures."
Why it matters: SDE could not be certain funds were protected from theft, loss, or misuse.
Standard: Section 10.04 of OSC’s June 2015 Internal Control Guide ( Section 10.04 of OSC’s June 2015 Internal Control Guide )
2 recommendations
- SDE should implement policies and procedures for the processing of its fund accounts.
- SDE should segregate duties for authorizing transactions, recording transactions to the general ledger, and reconciling transactions for its funds or, because of limited personnel, implement closer supervision or more frequent reviews.
Agency response & Auditor reply
Agency: "That said, the individual responsible for reconciling Civil Process, Police Detail, and Inmate Canteen, will now share this responsibility with a newly hired Budget Analyst and a soon to be hired Assistant Budget Director."
Auditor: "Based on its response, SDE is taking measures to segregate duties for authorizing, recording, and reconciling transactions."
Why it matters: There was a higher-than-acceptable risk that funds could be misappropriated or improperly spent without detection.
Standard: SDE’s internal control plan ( SDE’s ICP )
1 recommendation
- SDE should ensure that all approvals of expenditures are documented.agency: already implemented
Agency response & Auditor reply
Agency: "Fund expenditure authorizations are now subject to a regulated and stricter PDF workflow with digital signatures."
Why it matters: The Police Detail Fund operated at a loss and could require subsidies from appropriated funds.
Standard: SDE’s Police Details Unit Coordinator Procedures and Government Finance Officers Association fee-setting best practice ( SDE’s Police Details Unit Coordinator Procedures; Government Finance Officers Association, “Establishing Government Charges and Fees” )
1 recommendation
- SDE should develop policies addressing all business functions of PDF operations, including the collection of an administration fee from all hiring entities to ensure that it charges them enough to support PDF operations.
Agency response & Auditor reply
Agency: "With this critical feedback from OSA, the police detail operation will undergo a transformation that includes: reconciliation responsibilities being shifted to SDE Finance and definitive guidelines regarding uniform collection of administrative fees to make this operation self-sustaining."
Why it matters: SDE could not be certain that officers were paid correctly for all details worked.
Standard: Section 229.08 of SDE’s Paid Police Details policy ( Section 229.08 of SDE’s Paid Police Details policy )
2 recommendations
- SDE should ensure that payments for police details are supported by the required documentation.
- Officers should complete and return the required work detail slips to support hours worked and obtain the signatures of site supervisors to substantiate those hours.
Agency response & Auditor reply
Agency: "SDE will implement a new policy and procedure for detail operation that will require officer’s detail slips to be signed by a supervisor and proper supporting documentation be submitted prior to officer’s detail payments being made."