Report 2020-628.2 All Recommendation Responses

Report 2020-628.2: Employment Development Department: Significant Weaknesses in EDD's Approach to Fraud Prevention Have Led to Billions of Dollars in Improper Benefit Payments (Release Date: January 2021)

Recommendation #1 To: Employment Development Department

To ensure that its recession planning encompasses its fraud prevention efforts, EDD should identify the fraud prevention and detection efforts it can adjust during periods of high demand for UI benefits. It should ensure that it accounts for all probable consequences of the adjustments and design procedures that appropriately balance the need to provide prompt payment during a recession with the need to guard against fraud in the UI program.

The EDD continues to reassess and evaluate its fraud prevention and detection processes to ensure that they are current, effective, and adaptable while continuing to pay benefits in a timely fashion. The ongoing reassessment of the Department's fraud prevention and detection methods will also identify areas where modification or elimination of fraud filters may be beneficial. However, the EDD asserts that it will not retreat from any fundamental fraud prevention and detection approaches during recessionary times.

California State Auditor's Assessment of Status: Resolved

Although EDD's recession plan does not specify the fraud prevention and detection efforts it can adjust during periods of high demand, it asserts that it will not retreat from any fundamental fraud prevention and detection approaches during recessionary times. Therefore, this recommendation is resolved.

The Employment Development Department (EDD) has developed a Recession Plan, based upon responses to Senate Bill 390, containing strategies to better forecast fluctuating workload and improve fraud prevention efforts. In addition to conducting a lessons learned analysis, the plan identifies the following to improve workload forecasting and operations: indicators to project workload impacts, steps to take to address workload increases, alignment of staff and workload, improvement of self-services, equipment assessment, policies and procedures to activate, analysis of lines of communication, budgeting and funding constraints, and call center protocol enhancements. The strategies specific to fraud prevention that the plan identifies include: the UI Online Document Upload feature, the launch of ID.Me, and the implementation of Thomson Reuters. On 3/11/22, EDD submitted the Recession Plan to CSA.

California State Auditor's Assessment of Status: Pending

Although EDD's recession plan includes general fraud prevention and detection efforts, it does not include determining probable consequences of any adjustments it might make during a recession or design procedures that appropriately balance the need to provide prompt payment during a recession with the need to guard against fraud in the UI program. EDD should ensure that its recession plan includes this information to implement our recommendation.

The Employment Development Department has developed a draft Recession Plan, based upon responses to Senate Bill 390, containing strategies to better forecast fluctuating workload and improve fraud prevention efforts, which is currently under first level review. In addition to conducting a lessons learned analysis, the plan identifies the following to improve workload forecasting and operations: indicators to project workload impacts, steps to take to address workload increases, alignment of staff and workload, improvement of self-services, equipment assessment, policies and procedures to activate, analysis of lines of communication, budgeting and funding constraints, and call center protocol enhancements. The strategies specific to fraud prevention that the plan identifies include: the UI Online Document Upload feature, the launch of ID.Me, and the implementation of Thomson Reuters.

California State Auditor's Assessment of Status: Pending

The Employment Development Department (EDD) continues assessing lessons learned and best practices from the pandemic and previous economic downturns to build a recession plan in preparation for future fluctuations in the economy. The EDD is reviewing existing documentation and historical data to better forecast fluctuating workloads, improving on fraud prevention and detection efforts and keeping in step with our Strategic Goals of Responsible Service, Skilled Workforce, Sustainable Operations, Technological Innovations and Fiscal Stewardship.

California State Auditor's Assessment of Status: Pending

The Employment Development Department (EDD) continues assessing lessons learned and best practices from the pandemic and previous economic downturns to build a recession plan in preparation for future fluctuations in the economy. The EDD has started reviewing existing documentation and historical data to better forecast fluctuating workloads, improving on fraud prevention and detection efforts and keeping in step with our Strategic Goals of Responsible Service, Skilled Workforce, Sustainable Operations, Technological Innovations and Fiscal Stewardship.

California State Auditor's Assessment of Status: Pending

EDD is assessing lessons learned and best practices from the pandemic and previous economic downturns to build a recession plan in preparation for future fluctuations in the economy. As part of this retrospection and recession planning, EDD, along with its vendor partner, Accenture, will identify fraud prevention and detection efforts that can be adjusted during periods of high demand and ensure appropriate procedures are in place to promote prompt payment and preserve program integrity.

California State Auditor's Assessment of Status: Pending

Recommendation #2 To: Employment Development Department

To prepare to respond to victims of identity theft who receive incorrect tax forms, EDD should, by mid-February 2021, provide information on its website and set up a separate email box for such individuals to contact EDD and receive prompt resolution.

In summary, the CSA recommended the EDD provide information on the website and establish a separate email for victims of identity theft who receive incorrect tax forms. The EDD updated the Ask EDD electronic communication functionality to include an "Identity Theft" topic and added additional information to the EDD public website.

Please see the following for details:

The Ask EDD electronic communication channel for the Form 1099G category now includes the following topic:

- Report Fraud - Form 1099G Identity Theft

Individuals can report Identity Theft as a result of the receipt of Form 1099G via Ask EDD, which provides an opportunity to email the Department details surrounding their issue. This electronic response is routed to IAD for review and processing. Additionally, the EDD website has a "Your 1099G Tax Form" link on the main EDD webpage:

Once on this page, a highlighted statement provides the Contact Center phone number and the Ask EDD link.

California State Auditor's Assessment of Status: Fully Implemented

EDD provided information on its website and created a specific topic for individuals to report to EDD that they may be victims of identity theft because they received incorrect tax forms. EDD must continue to provide appropriate assistance to individuals who contact it regarding identity theft in the coming months. Doing so will be essential to maintaining full implementation of our recommendation.

Recommendation #3 To: Employment Development Department

To ensure that it provides appropriate assistance to victims of identity theft who report fraud through its online fraud reporting portal, EDD should, by March 2021, establish a working group to coordinate the work needed to resolve each complaint of identity theft, make decisions about staffing levels necessary, and add staffing to accomplish the work.

The EDD Fraud Enterprise Workgroup developed a recommendation paper to address the EDD's analysis and corresponding measures taken to prepare to respond to victims of identity theft. As part of the Fraud Workgroup, a subcommittee was established to examine and initiate actions necessary to protect victims of identity theft and, to prepare the EDD for an expected influx of IRS Form 1099-G triggered contacts from claimants and/or victims.

California State Auditor's Assessment of Status: Fully Implemented

EDD established a working group, identified the workload related to responding to complaints of identity theft, and identified several actions necessary to increase staffing levels and reduce the possible workload. Now EDD must ensure that its workgroup remains appraised of the work necessary to assist victims of identity theft and respond appropriately. Doing so will be essential to maintaining full implementation of our recommendation.

Recommendation for Legislative Action

To ensure that EDD prevents fraud associated with incarcerated individuals, the Legislature should amend state law to do the following:

- Require EDD to regularly cross-match UI benefit claims against information about individuals incarcerated in state prisons and county jails to ensure that it does not issue payments to people who are ineligible for benefits. The Legislature should specify that EDD perform the cross-matches as quickly as possible after individuals file claims and with as little disruption of legal and eligible claims as possible.

- Require CDCR and any other necessary state or local government entities to securely share information about incarcerated individuals with EDD to enable EDD to prevent fraud.

- Require EDD to include, in its annual report to the Legislature about fraud, an assessment of the effectiveness of its system of cross-matching claims against information about incarcerated individuals. The assessment should include how regularly EDD performs the cross-matches, how successful the cross-matches are in detecting and preventing fraud, and whether the cross-matches negatively affect eligible claimants attempting to legally obtain benefits.

Description of Legislative Action

AB 110 (Chapter 511, Statutes of 2021) requires CDCR to provide the name, known aliases, birth date, SSN, and booking date and expected release date, if known, of a current inmate to EDD for the purposes of preventing payments on fraudulent claims for unemployment compensation benefits. This information must be provided to EDD on the first of every month and upon the EDD's request. For purposes of preventing payments on fraudulent claims for unemployment compensation benefits, the EDD Director is required to verify with the information provided by CDCR that the claimant is not an inmate currently incarcerated in the state prisons. EDD is required to complete necessary system programming or automation upgrades to allow electronic monitoring of CDCR inmate data to prevent payment on fraudulent claims for unemployment compensation benefits at the earliest possible date, but not later than September 1, 2023.

AB 56 (Chapter 510, Statutes of 2021), in part, requires EDD to assess the effectiveness of its system of cross matching claims against information about incarcerated individuals. The assessment shall include how regularly EDD performs the cross matches, how successful the cross matches are in detecting and preventing fraud, and whether the cross matches negatively affect eligible claimants attempting to legally obtain benefits. EDD is required to include this assessment in its annual report on fraud deterrence and detection activities. Details on fraud methods and tools may be generalized, excluded, or redacted to protect the department's fraud deterrence practices.

California State Auditor's Assessment of Status: Legislation Enacted

Description of Legislative Action

AB 23 (Chen, 2021) would, beginning July 1, 2021, require EDD to cross-check all claimant information with state and county correctional facility inmate data in an effort to detect fraudulent applications.

AB 110 (Petrie-Norris, 2021) would require CDCR to provide specified information on current inmates to EDD for the purposes of preventing payments on fraudulent claims for unemployment compensation benefits on the first of every month and upon the EDD's request.

SB 39 (Grove, 2021) would require CDCR to provide the names and SSNs of current inmates to EDD, upon request of EDD, for the purposes of preventing payments on fraudulent UI claims. The EDD Director would be required to verify for any UI benefits paid on and after July 1, 2021, that the claimant currently incarcerated in the state prisons before making any benefit payment. This bill would require EDD to notify CDCR and DOJ of the attempt to make a fraudulent claim for UI benefits if EDD determines a claimant is currently incarcerated.

California State Auditor's Assessment of Status: Legislation Proposed But Not Enacted

Description of Legislative Action

AB 23 (Chen) would, beginning July 1, 2021, require EDD, to cross-check all UI claimant information with state and county correctional facility inmate data in an effort to detect fraudulent applications.

AB 56 (Salas) would, in part, require EDD to designate a fraud prevention and detection unit by March 1, 2022. This bill would also require EDD to include in its annual legislative report on deterrence and detection activities an assessment of the effectiveness of its system of cross matching claims against information about incarcerated individuals and the effectiveness of its fraud prevention and detection tools.

AB 110 (Petrie-Norris) would require CDCR to provide the names and SSNs of current inmates to EDD on the first of every month or upon EDD's request for the purposes of preventing payments on fraudulent claims for UI benefits. Finally, this bill would require the EDD Director to verify with the information provided by CDCR that the claimant is not an inmate currently incarcerated in the state prisons or an inmate currently serving a sentence in a county jail before making any payment of UI benefits.

SB 39 (Grove) would require CDCR to provide the names and SSNs of current inmates to EDD for the purposes of preventing payments on fraudulent claims for UI benefits. This bill would require, for any unemployment compensation benefits paid on and after July 1, 2021, the EDD Director to verify with the information provided by CDCR that the claimant is not an inmate currently incarcerated in the state prisons before making any payment of unemployment compensation benefits.

California State Auditor's Assessment of Status: Legislation Introduced

Description of Legislative Action

AB 23 (Chen) would, beginning July 1, 2021, require EDD, as part of its process for determining eligibility for unemployment insurance benefits, cross-check all claimant information with state and county correctional facility inmate data in an effort to detect fraudulent applications.

AB 110 (Petrie-Norris) would require CDCR to provide the names and SSNs of current inmates to EDD for the purposes of preventing payments on fraudulent claims for unemployment compensation benefits. The bill would also require a county to provide the names and SSNs of inmates currently serving a sentence in the county's jail to EDD for those same purposes. The bill would require the names and SSNs to be provided to EDD on the first of every month and upon the EDD's request. Finally, this bill would require, for purposes of preventing payments on fraudulent claims for unemployment compensation benefits, the EDD Director to verify with the information provided by CDCR and counties before making any payment of unemployment compensation benefits that the claimant is not an inmate currently incarcerated in the state prisons or an inmate currently serving a sentence in a county jail.

SB 39 (Grove) would require CDCR to provide the names and SSNs of current inmates to EDD for the purposes of preventing payments on fraudulent claims for unemployment compensation benefits. This bill would require, for any unemployment compensation benefits paid on and after July 1, 2021, the EDD Director to verify with the information provided by CDCR that the claimant is not an inmate currently incarcerated in the state prisons before making any payment of unemployment compensation benefits.

California State Auditor's Assessment of Status: Legislation Introduced

Recommendation #5 To: Employment Development Department

To ensure that it provides legitimate claimants with benefits but does not pay benefits related to fraudulent claims, EDD should immediately obtain from Bank of America a comprehensive list of claimants' accounts that are frozen. EDD should immediately thereafter evaluate the list—including considering using ID.me to verify claimants' identities—to identify accounts that should be unfrozen. By March 2021, it should direct Bank of America to take action to freeze or unfreeze accounts as appropriate.

The EDD has obtained and reviewed comprehensive lists of claimants' debit card accounts that have been frozen. The EDD has evaluated the lists of Bank of America frozen accounts against EDD claim information, and has identified and required claimants to verify their identities or provide additional verification information to resolve other eligibility issues, if necessary. The EDD has provided Bank of America with a list of all verified claimants through March 2021 in order for Bank of America to take action as appropriate.

California State Auditor's Assessment of Status: Fully Implemented

EDD obtained from Bank of America a list of frozen accounts as of 3/31/2021 and provided us with procedures for how it evaluated that list. Based on its evaluation, EDD provided Bank of America with a list of claimant accounts to unfreeze. As claimants continue to provide EDD with information that satisfactorily resolves EDD's concerns about identity and eligibility, EDD must continue to request that Bank of America unfreeze accounts. It is critical to the full implementation of this recommendation that EDD continue to request Bank of America unfreeze accounts that EDD believes belong to legitimate claimants.

Recommendation #6 To: Employment Development Department

To ensure that it reviews each account that Bank of America reports to it as suspicious or potentially fraudulent, by February 2021, EDD should establish a centralized tracking tool that allows it to review and stop payment on claims, as appropriate. EDD should use this tool to monitor its own internal decisions and track whether the claimant responds to its requests for identity information and should, therefore, have their account unfrozen.

The Employment Development Department (EDD) continues to use the automated central repository to track accounts that have been frozen and continues to work with Bank of America (BofA) on having verified accounts unfrozen. Files containing frozen and verified accounts from and to BofA are being sent through a Secure File Transfer Protocol (SFTP) with the EDD's Business Intelligence Competency Center (BICC) on a weekly basis. A screenshot of the central repository which reflects more recent unfreeze request dates to BofA is attached. The attached BofA File Tracking Extract file is an extract of total lists received by BofA and tracked in the central repository. Also included is a recent correspondence confirming BofA's receipt of the file transmitted through the SFTP for unfreeze action. Detailed information on the agreed upon steps between EDD and BofA are provided in the EDD Business Requirements Document (EDD BRD), which replaces the EDD Master Plan that was previously provided.

California State Auditor's Assessment of Status: Fully Implemented

EDD has created a centralized tracking tool that pulls information from the lists of accounts Bank of America reports to it as suspicious or potentially fraudulent. We also reviewed evidence showing that EDD communicates with Bank of America regarding accounts that can be unfrozen. EDD must continue to provide appropriate assistance to individuals who contact it regarding concerns about frozen accounts in the coming months. Doing so will be essential to maintaining full implementation of our recommendation.

The BofA reports are stored and tracked in the ITB-created central repository. Additionally, the reports and their statuses are updated regularly to enable the EDD to track each account's appropriate action and the outcome of each benefit claim. Attached is a screen shot of the tracking system. Also included are EDD procedures on the handling of BofA lists. These procedures are currently in the process of being automated and will ultimately be superseded by that automation.

California State Auditor's Assessment of Status: Partially Implemented

EDD has created a centralized tracking tool that pulls information from the lists of accounts Bank of America reports to it as suspicious or potentially fraudulent. However, the tracking tool relies on multiple units to regularly manually perform actions to update the tool. Therefore, we will obtain a status update at the next 90-day to verify that EDD regularly uses the tool to monitor its internal decisions and tracks when claimants should have their accounts unfrozen.

Recommendation for Legislative Action

To ensure that EDD effectively protects the integrity of the UI program, the Legislature should amend state law to require EDD to do the following:

- By January 2022 and biannually thereafter, assess the effectiveness of its fraud prevention and detection tools and determine the degree to which those tools overlap or duplicate one another without providing any additional benefit. EDD should then eliminate any fraud prevention and detection approach for which it lacks clear evidence of effectiveness. It should include this assessment in its annual report to the Legislature on fraud detection and deterrence efforts.

- By July 2021, provide the Legislature with an update on its progress in performing this analysis.

Description of Legislative Action

AB 138 (Chapter 78, Statutes of 2021), in part, requires EDD to provide to the Senate Labor, Public Employment and Retirement Committee, the Assembly Insurance Committee, the Senate Budget and Fiscal Review Committee, the Assembly Budget Committee, and the Joint Legislative Audit Committee a plan for assessing the effectiveness of its fraud prevention and detection tools by May 1, 2022, and provide a report with an update on its progress on performing the assessment that the plan identified by July 1, 2022. On or before January 1, 2023, and annually thereafter, EDD is required to analyze and assess the effectiveness of its fraud prevention and detection tools and submit this analysis and assessment to the specified legislative committees.

California State Auditor's Assessment of Status: Legislation Enacted

Description of Legislative Action

SB 232 (Nielsen, 2021), in part, would require EDD to provide the Legislature with a plan for assessing the effectiveness of its fraud prevention and detection tools by May 1, 2022, and to provide a report to the Legislature with an update on its progress on performing this analysis by July 1, 2022. The bill would require EDD to designate a unit that is responsible for coordinating all unemployment insurance fraud prevention and detection efforts. This bill is pending in the Assembly.

California State Auditor's Assessment of Status: Legislation Introduced

Description of Legislative Action

AB 56 (Salas, 2021) would, in part, require EDD to designate a fraud prevention and detection unit by March 1, 2022. This bill would also require EDD to include in its annual legislative report on deterrence and detection activities an assessment of the effectiveness of its fraud prevention and detection tools.

SB 232 (Nielsen, 2021) would, in part, require EDD to provide the Legislature with a plan for assessing the effectiveness of its fraud prevention and detection tools by May 1, 2022, and to provide a report to the Legislature with an update on its progress on performing this analysis by July 1, 2022. The bill would require EDD to designate a unit that is responsible for coordinating all unemployment insurance fraud prevention and detection efforts.

California State Auditor's Assessment of Status: Legislation Introduced

Description of Legislative Action

AB 56 (Salas) would, in part, require EDD to designate a fraud prevention and detection unit by March 1, 2022. This bill would also require EDD to include in its annual legislative report on deterrence and detection activities an assessment of the effectiveness of its fraud prevention and detection tools.

SB 232 (Nielsen) would require EDD to provide the Legislature with a plan for assessing the effectiveness of its fraud prevention and detection tools by May 1, 2022, and to provide a report to the Legislature with an update on its progress on performing this analysis by July 1, 2022. The bill would require EDD to designate a unit that is responsible for coordinating all unemployment insurance fraud prevention and detection efforts.

California State Auditor's Assessment of Status: Legislation Introduced

Description of Legislative Action

As of March 29, 2021, the Legislature has not taken action to address this specific recommendation.

California State Auditor's Assessment of Status: No Action Taken

Recommendation #8 To: Employment Development Department

To ensure that it maintains a robust set of safeguards against fraud, EDD should, by March 2021, designate a unit as responsible for coordinating all UI fraud prevention and detection. EDD should assign that unit sufficient authority to carry out its responsibilities and align the unit's duties with the GAO's framework for fraud prevention.

The Employment Development Department has staffed the Unemployment Insurance Support Division's (UISD) Fraud Prevention and Detection Group. For the Staff Services Manager (SSM) I position in the Fraud Prevention and Detection Unit One, the candidate accepted the job offer on November 24, 2021 and started on December 6, 2021. This unit has a vacant position due to a staff who left recently for a promotion. The candidate accepted the job offer for the SSM I in the Fraud Prevention and Detection Unit Two position on November 24, 2021, with a tentative start date of December 13, 2021, pending the required background investigation. The UISD will conclude job interviews for the Fraud Prevention and Detection Group SSM II position on December 9, 2021. This position will replace the current Acting SSM II. Please see the UISD Organizational Chart.

California State Auditor's Assessment of Status: Fully Implemented

EDD provided us with documentation that shows it has designated a unit responsible for coordinating fraud prevention and detection. It also provided us with the unit's charter, which grants the unit authority to carry out its fraud prevention activities and establishes the goal to align the UI prevention policy and organizational structure with the GAO's framework for fraud prevention. EDD provided us with an organizational chart that shows it has filled key positions in the unit.

The Employment Development Department (EDD) has completed an organizational augmentation of the Unemployment Insurance Support Division. The augmentation included renaming the preexisting Integrity and Legislation unit to the Fraud Prevention and Detection Group and added a second unit to create a group. Positions have been advertised and recruitment efforts are in place. In addition, the Unemployment Insurance (UI) Branch is considering redirecting knowledgeable internal UI staff to these critical positions.

EDD's Fraud Workgroup continues to assess fraud prevention efforts throughout EDD's program areas. The UI Fraud Prevention and Detection Group will continue to coordinate UI fraud prevention and detection activities. This group will be aligned to the U.S. Government Accountability Office's four-part fraud risk management framework to mitigate fraud perpetrated against government agencies.

The Fraud and Prevention Detection Units have been granted the authority to define fraud policies, determine risk, examine and periodically review fraud policies, act quickly when fraudulent activities are reported, and use data-driven reporting to identify opportunities to improve the efficiency and effectiveness of the UI fraud program. The units' functionality capability architecture will take a phased approach to ensure incremental value gains and move toward data-driven outcomes.

California State Auditor's Assessment of Status: Partially Implemented

EDD provided us with documentation that shows it has designated a unit responsible for coordinating fraud prevention and detection. It also provided us with the unit's charter, which grants the unit authority to carry out its fraud prevention activities and establishes the goal to align the UI prevention policy and organizational structure with the GAO's framework for fraud prevention. As EDD indicates, it is working to fill the positions in this unit. At the next 90-day response, EDD should provide us with an update on progress in filling these positions.

The EDD has completed an organizational augmentation of the Unemployment Insurance Support Division. The augmentation included renaming the Integrity and Legislation unit to the Fraud Prevention & Detection Group and added a second unit. The new unit will add one Staff Services Manager I and five Staff Services Analyst/Associate Government Program Analyst. EDD's Fraud Workgroup continues to assess fraud prevention efforts throughout EDD's program areas. The newly designated "UI Fraud Prevention and Detection" group is responsible for coordinating all UI fraud prevention and detection activities. This group will be aligned to the U.S. Government Accountability Office's four-part fraud risk management framework to mitigate fraud perpetrated against government agencies and will be more agile.

The group will be granted the authority to define fraud policies, determine risk, examine and periodically review fraud policies, act quickly when fraudulent activities are reported, and use data-driven reporting to identify opportunities to improve the efficiency and effectiveness of the UI fraud program. The group will establish the policy and organizational structure, operationalize and refine core capabilities of business rules and performance reporting, and build a foundation for advanced analytics that will employ agile methods and feedback loops to refine capabilities. The unit will have sufficient authority, be the central repository for knowledge about the agency's fraud prevention activities, and be the central coordinator of those activities, including engaging with internal and external stakeholders in collaboration with vendor fraud experts, and creating a schedule and roadmap to support this new group. (see attachment)

California State Auditor's Assessment of Status: Partially Implemented

EDD provided us with documentation that shows it has designated a unit responsible for coordinating fraud prevention and detection. It also provided us with the unit's charter, which grants the unit authority to carry out its fraud prevention activities and establishes the goal to align the UI prevention policy and organizational structure with the GAO's framework for fraud prevention. However, EDD has several vacancies for staff in this unit leaving us with concerns regarding the unit's ability to operate as intended. At the next 90-day response, EDD should provide us with an update on progress in filling these positions.

EDD's Fraud Workgroup continues to assess fraud prevention efforts throughout EDD's program areas. EDD has designated a "UI Fraud Prevention and Detection" group that is responsible for coordinating all UI fraud prevention and detection activities. This group is being aligned to the U.S. Government Accountability Office's four-part fraud risk management framework to mitigate fraud perpetrated against government agencies and will be more agile and be granted the authority to define fraud policies, determine risk, examine and periodically review fraud policies, act quickly when fraudulent activity is reported, and use data-driven reporting to identify opportunities to improve the efficiency and effectiveness of the UI fraud program. The group's functionality capability architecture will take a phased approach to ensure incremental value gains and move toward data-driven outcomes. The first phase will establish the policy and organizational structure; second phase will operationalize and refine core capabilities of business rules and performance reporting; third phase will build a foundation for advanced analytics that will employ agile methods and feedback loops to refine capabilities. The unit will have sufficient authority, be the central repository for knowledge about the agency's fraud prevention activities, and be the central coordinator of those activities, including engaging with internal and external stakeholders, such as the Investigations Division. EDD, in collaboration with vendor fraud experts, is creating a schedule and roadmap to support this new group's vision and mission and is in the process of hiring additional agents to support this group.

California State Auditor's Assessment of Status: Pending

EDD provided us with documentation that shows it has initiated the process to designate a unit responsible for coordinating fraud prevention and detection. However, this effort is still in the planning and approval stages and it has not yet finalized the unit and its responsibilities. We look forward to EDD's next 90-day update on its progress toward fully implementing this recommendation.

Recommendation #9 To: Employment Development Department

To ensure that it maintains a robust set of safeguards against fraud, EDD should, by May 2021, develop a plan for how it will assess the effectiveness of its fraud prevention and detection tools.

The Employment Development Department (EDD) has implemented the Fraud Prevention Tools Assessment Plan on September 23, 2021. The plan was updated to include staff from EDD's Policy, Accountability and Compliance Branch, Information Technology Branch, and Unemployment Insurance Branch who are responsible for leading and executing the plan.

California State Auditor's Assessment of Status: Fully Implemented

EDD provided us with its plan for its approach to evaluate the effectiveness of its fraud prevention and detection tools, a description of the phases in which the assessment will take place, expected outputs, and roles and responsibilities. EDD's plan has also identified staff that will be responsible for leading key elements of the plan. EDD shared evidence that it is now in the very early stages of implementing its plan. This progress is encouraging but it will be critical to maintaining full implementation for EDD to continue these early efforts. We note that due to recent changes to state law, EDD is now required to report to the Legislature regularly about its assessment of the effectiveness of its fraud prevention and detection tools.

The EDD has formed the enclosed plan to assess the effectiveness of its fraud prevention and detection tools. Elements of this plan will serve as reusable components to allow for the ongoing monitoring of existing solutions and as a repeatable framework to assess fraud tools. The approach classifies each tool by category - fraud detection or identity verification solution - and then proceeds to assess a solution according to criteria appropriate for its type. Thereafter, a tool undergoes a two-phased evaluation process based on features/functions, and performance/output specific to its category's metrics and scoring model.

Executed, the findings of this plan will weigh the efficacy of the EDD's component tools by objective measures and rank order [if applicable]; elicit strategic considerations that may identify tool gaps or redundancies; and inform of potential approaches for remediating gaps and/or evolving the maturity of the EDD's capabilities.

California State Auditor's Assessment of Status: Partially Implemented

EDD provided us with its plan for its approach to evaluate the effectiveness of its fraud prevention and detection tools, a description of the phases in which the assessment will take place, expected outputs, and roles and responsibilities. However, EDD's plan has not identified staff that will be responsible for leading key elements of the plan. Instead, the plan states that filling those roles will depend on EDD's available budget and competing priorities. At the next 90-day response, EDD should provide us with an update on designating staff for these roles.

The EDD has contracted with a consulting partner, Accenture, who is assisting the EDD in forming a plan to assess the effectiveness of the EDD's existing fraud prevention and detection tools. EDD and Accenture's plan will detail the steps by which existing fraud prevention and detection tools will be assessed and needed actions will be inventoried and prioritized. The steps will include Accenture's interviews and review of existing material and technology to determine how EDD has to improve their fraud prevention and detection environment. The plan will also provide a path for the prioritization of the actions and schedule in a roadmap, so that the EDD has a clear course to fortify their fraud prevention and detection capabilities. The EDD anticipates that this plan will be completed by the May 2021 deadline.

California State Auditor's Assessment of Status: Pending

All Recommendations in 2020-628.2

Agency responses received are posted verbatim.