State auditors are asking the attorney general’s office to consider criminal prosecution of a management employee of the Department of Public Safety and Correctional Services who used his government credit card to spend $56,303 on a vendor he had a business relationship with.
But this was a small matter compared to the complete lack of monitoring of hours for contractors who provided inmates with $82 million worth of health care in fiscal 2009.
These were among the major control issues at the department found by members of the Office of Legislative Audits. They also uncovered inadequate monitoring of the Maryland Online Sex Offender Registry.
Audit Manager Paul Denz pointed out that none of the issues his team discovered had been present at the system’s last audit three years ago, but several new issues need to be corrected.
The public safety department, which runs state prisons, contracts out inmate health care services. The department pays for hours the contractor’s employees report, up to an established maximum.
However, the department had no way for employees to check in when they arrived on site, meaning there was no way to ensure employees actually worked the hours they got paid for.
Auditors looked at a sample of seven invoices and found that in most of them, 23 employees reported working more than 250 hours in a month — more than 62 hours per week. There were four instances where an employee worked more than 300 hours in a month — more than 75 hours per week.
Auditors alleged no wrongdoing, but indicated that the large hourly totals should have raised some suspicion.
In a written response, Public Safety Secretary Gary Maynard pointed out that medical employees often work extended hours due to shortages of medical personnel and to ensure that all inmates receive care. He also said that in May, the department made sure that sign-in and sign-out sheets were available at all facilities for workers to record their hours.
The audit also uncovered an unidentified management employee who used a government credit card to purchase $56,303 in veterinary services from a provider with which she/he had a business relationship. The services caring for the department’s K-9 unit were not put out for competitive bidding, and charges on the card appeared to be structured so that they did not hit the card’s $2,500 single-purchase limit.
The employee told auditors that the office always maintained a balance with the vendor, and made payments on it, which is not supposed to be done with government credit cards.
The audit also found that there were no detailed invoices and receipts for the services from the vendor. Instead, the management employee with the business relationship prepared reports detailing goods and services received from the vendor.
The State Ethics Commission dealt with the potential conflict of interest between the manager and the vendor in 2008. At the time, the commission could not definitively find any violations, but was concerned about the appearance of a conflict and the potential for violations.
After completing the report, auditors referred the case both to the State Ethics Commission and the criminal division of the Office of the Attorney General.
“We felt that that was the decision we should make based on our findings,” Denz said.
The office that has the responsibility for maintaining the sex offender registry, also did not have adequate controls over updates, additions and cancellations of records. Six users of the system were authorized to review changes — but they also could make changes themselves.
The way the system was set up, the same user could make a change and approve it. No subsequent review was required. Auditors recommended that employees who cannot access the system be added to the process to approve changes.
Information Systems Audits Director Robert Koslowski said that auditors found no sex offender records that were incorrectly managed.
“The opportunity is there, though,” he said. “This is a procedural weakness that should not be there.”
Maynard said the department is taking the auditors’ advice and he also agreed to comply with the audit’s recommendations about controls over equipment inventory.