Report 2020-628.2 Recommendations
When an audit is completed and a report is issued, auditees must provide the State Auditor with information and periodic reports regarding their progress in implementing the report’s recommendations. For audits conducted under the State High Risk Audit Program, these periodic reports are due every 90 days from the issue date of the report until such time as the State Auditor directs the auditee otherwise, according to title 2, section 61024 of the California Code of Regulations. Additionally, Senate Bill 1452 (Chapter 452, Statutes of 2006), requires auditees who have not implemented recommendations after one year, to report to us and to the Legislature why they have not implemented them or to state when they intend to implement them. Below, is a listing of each recommendation the State Auditor made in the report referenced and a link to the most recent response from the auditee addressing their progress in implementing the recommendation and the State Auditor's assessment of auditee's response based on our review of the supporting documentation.
Recommendations in Report 2020-628.2: Employment Development Department: Significant Weaknesses in EDD's Approach to Fraud Prevention Have Led to Billions of Dollars in Improper Benefit Payments (Release Date: January 2021)
|Recommendations to Employment Development Department|
To ensure that its recession planning encompasses its fraud prevention efforts, EDD should identify the fraud prevention and detection efforts it can adjust during periods of high demand for UI benefits. It should ensure that it accounts for all probable consequences of the adjustments and design procedures that appropriately balance the need to provide prompt payment during a recession with the need to guard against fraud in the UI program.
To prepare to respond to victims of identity theft who receive incorrect tax forms, EDD should, by mid-February 2021, provide information on its website and set up a separate email box for such individuals to contact EDD and receive prompt resolution.
To ensure that it provides appropriate assistance to victims of identity theft who report fraud through its online fraud reporting portal, EDD should, by March 2021, establish a working group to coordinate the work needed to resolve each complaint of identity theft, make decisions about staffing levels necessary, and add staffing to accomplish the work.
To ensure that it provides legitimate claimants with benefits but does not pay benefits related to fraudulent claims, EDD should immediately obtain from Bank of America a comprehensive list of claimants' accounts that are frozen. EDD should immediately thereafter evaluate the list—including considering using ID.me to verify claimants' identities—to identify accounts that should be unfrozen. By March 2021, it should direct Bank of America to take action to freeze or unfreeze accounts as appropriate.
To ensure that it reviews each account that Bank of America reports to it as suspicious or potentially fraudulent, by February 2021, EDD should establish a centralized tracking tool that allows it to review and stop payment on claims, as appropriate. EDD should use this tool to monitor its own internal decisions and track whether the claimant responds to its requests for identity information and should, therefore, have their account unfrozen.
To ensure that it maintains a robust set of safeguards against fraud, EDD should, by March 2021, designate a unit as responsible for coordinating all UI fraud prevention and detection. EDD should assign that unit sufficient authority to carry out its responsibilities and align the unit's duties with the GAO's framework for fraud prevention.
To ensure that it maintains a robust set of safeguards against fraud, EDD should, by May 2021, develop a plan for how it will assess the effectiveness of its fraud prevention and detection tools.
|Recommendations to Legislature|
To ensure that EDD prevents fraud associated with incarcerated individuals, the Legislature should amend state law to do the following:
- Require EDD to regularly cross-match UI benefit claims against information about individuals incarcerated in state prisons and county jails to ensure that it does not issue payments to people who are ineligible for benefits. The Legislature should specify that EDD perform the cross-matches as quickly as possible after individuals file claims and with as little disruption of legal and eligible claims as possible.
- Require CDCR and any other necessary state or local government entities to securely share information about incarcerated individuals with EDD to enable EDD to prevent fraud.
- Require EDD to include, in its annual report to the Legislature about fraud, an assessment of the effectiveness of its system of cross-matching claims against information about incarcerated individuals. The assessment should include how regularly EDD performs the cross-matches, how successful the cross-matches are in detecting and preventing fraud, and whether the cross-matches negatively affect eligible claimants attempting to legally obtain benefits.
|Legislation Proposed But Not Enacted|
To ensure that EDD effectively protects the integrity of the UI program, the Legislature should amend state law to require EDD to do the following:
- By January 2022 and biannually thereafter, assess the effectiveness of its fraud prevention and detection tools and determine the degree to which those tools overlap or duplicate one another without providing any additional benefit. EDD should then eliminate any fraud prevention and detection approach for which it lacks clear evidence of effectiveness. It should include this assessment in its annual report to the Legislature on fraud detection and deterrence efforts.
- By July 2021, provide the Legislature with an update on its progress in performing this analysis.