The Texas Department of Criminal Justice should consolidate its fiscal and program audit functions, deposit all its funds in the State Treasury, and install anti-fraud software enhancements.
The growth, size, and geographic isolation of the Texas Department of Criminal Justice's (TDCJ) operations provide an environment where significant fraud and abuse could be committed without timely detection. Well-publicized instances of TDCJ management problems have made this abundantly clear. TDCJ could make better use of its already extensive audit resources to deter waste, abuse, and fraud.
History of ineffective audits
In 1994, TPR's Behind the Walls report uncovered expensive yet duplicative and weak audit efforts within TDCJ. In fiscal 1994, TDCJ had two separate and sizable audit units with a total of 55 audit and program review positions--one of the largest in state government. The Community Justice Assistance Division (CJAD) had 22 audit and program review positions, while the agencywide Internal Audit Division had 33 auditors. In addition, TDCJ had launched a new $500,000 per-year program to contract with private accounting firms to perform fiscal 1994 audits of all 120 local probation departments.
Considering the size, growth, and complexity of TDCJ's operations and construction programs, an audit staff of 55 might have been justified had they been used effectively by TDCJ's top managers. However, too much time was spent looking at low-risk operations, and too little time in high-risk areas with weak controls and high-dollar activity.
For example, TDCJ performed triplicate audits of the state's local probation departments, now known as community supervision and corrections departments (CSCDs). TDCJ executives required these departments to be audited by CJAD auditors, the Internal Audit Division, and privately contracted CPAs. These overlapping efforts were not coordinated.
Behind the Walls found that TDCJ's executive managers misallocated expensive audit resources. The Internal Audit Division's 33 auditors were charged with monitoring agencywide operations of over $2 billion. In contrast, CJAD's 22 fiscal and program auditors, plus outside CPA firms on contract, covered contractor expenditures of only about $300 million annually. Obviously, this was a case of too many auditors chasing too few dollars.
Behind the Walls recommended that CJAD and Internal Audit staffing be combined into a single audit unit, in recognition of modern "single audit" methods that have been industry practice since the early 1980s. TPR also recommended that the audit staff be reduced by 12 positions (through vacancies, reassignments, or attrition) because fiscal audits of local probation departments were being outsourced to CPA firms. Outsourcing makes more sense when combined with downsizing or redeployment of agency staff.
More than two years after TPR's recommendations, TDCJ has yet to consolidate and focus its audit staff. Instead of being leaner and more efficient, CJAD audit staffing has grown by 57 percent (Exhibit 1). CJAD also has continued the practice of outsourcing the CPA audits of local probation departments.
Ironically, a 1996 internal audit report showed that CJAD's fiscal audit oversight continues to be seriously flawed--even as its staffing increases. Despite the increase of CJAD auditors, for example, a state audit criticized CJAD for not sufficiently overseeing expenditures by the Harris County probation department. According to the State Auditor's Office, the Harris County probation department mismanaged tens of millions of state and local dollars.
Growth of TDCJ's Fiscal and Program Audit Staffs
Authorized Positions Fiscal 1994 Fiscal 1996 CJAD Field Services and Fiscal Management* 22 38* Internal Audit Division 33 33 Total 55 71
* Includes seven pending new hires in Fiscal Management.
Source: Texas Department of Criminal Justice.
CJAD fiscal and program audits
After the April 1994 release of Behind the Walls, CJAD's audit function--already in a poorly managed state--only worsened. According to discussions with current CJAD managers, and confirmations by the State Auditor's Office, CJAD entirely discontinued field audits from June 1994 to December 1995. Field audits were canceled, but CJAD retained its audit and program monitoring staff on the CJAD payroll. In contrast, TDCJ's new State Jail Division had only one full-time fiscal contract monitor overseeing $130 million in fiscal 1995 contract expenditures.
Meanwhile, CJAD has continued to require the state's 120 CSCDs to contract with local CPA firms to perform annual financial audits. Financial oversight of CSCDs is essential, but the management of this audit program is weak.
TDCJ's Internal Audit Division published a report in 1996 on the quality and effectiveness of CJAD's oversight of its CSCD financial audit program. The internal audit report lists over a dozen major audit deficiencies of CJAD's fiscal audit oversight, such as strong doubts about the program's cost-effectiveness; inadequate planning and designing of goals, objectives, policies, and procedures; a lack of CJAD audit independence and objectivity; failure to provide uniform reporting standards for CPAs; doubts about the completeness and accuracy of information obtained from the CPA audit reports; and inadequate documentation in CJAD's files.
Executive managers of TDCJ headquarters and CJAD did not set out plans and goals to explain the purpose and expected benefits of the CPA audit outsourcing. CJAD did not communicate to the CPA firms what each fiscal audit report should contain, the format of the information, or even a sample report. Not surprisingly, CJAD had difficulty compiling, assessing, and reconciling the CPA audit reports to CJAD's own records. When the review of CPA reports fell behind, CJAD simply reviewed CPA reports in alphabetical order rather than by priority.
CJAD now plans to expand its Fiscal Management staff from one position to eight. Assuming an estimated $45,000 per person for salaries, benefits, support services, supplies, equipment, and training, CJAD will spend about $360,000 annually to "audit the auditors." Rather than simply consolidating and reengineering audit resources, TDCJ has greatly expanded the cost of an ongoing process whose underlying effectiveness itself is questionable.
Internal auditors ineffectively used
In contrast to CJAD, the Internal Audit Division is better organized and further along with improvements. The main problem lies not within the division itself, but with the ineffective use of internal auditing by the executive director and the board. No matter how good an internal audit group is, it cannot be effective unless an agency's board and executive director assign the audits in the areas of the highest potential payoffs, then act on the recommendations.
An independently contracted "quality assurance review" of the Internal Audit Division demonstrated that it is much better organized than CJAD's fiscal and program audit functions. All Texas state internal audit departments undergo quality assurance reviews, as required by law and by professional internal auditing standards. TDCJ's quality assurance review found that internal audits were properly planned and executed, with well-prepared documentation of audit evidence. The Internal Audit Department has a "very thorough internal audit manual," according to an outside consultant, who found that the staff received appropriate training and that the department "in general complies with the (codified industry) Standards for the Professional Practice of Internal Auditing."
In contrast, CJAD lacks an audit and program review manual, which was recommended by TPR in 1994. CJAD has begun an audit planning process, but its audit plans consist mainly of lists of audit schedules. CJAD still does not have basic audit tools in place, such as an audit risk assessment process to allocate its auditing to the highest priority areas.
While CJAD's fiscal and program audit staff has grown tremendously, Internal Audit's staff has remained at 33 budgeted positions, some of which were not even filled. Internal Audit has been understaffed due to the agency's failure to fill internal audit vacancies in Huntsville for well over one year. In July 1995, the quality assurance review by an outside consultant noted that:
Seven staff positions, 29 percent of the (Internal Audit) department's 24 positions, remain vacant, including an audit manager's position in Huntsville. The growth the agency is experiencing and the extent of the audit work contained in the current audit plan can ill afford these positions to remain unfilled. The Board and the agency run the risk of not having sufficient audit resources in place to ensure that appropriate controls within the agency are in place and functioning properly. 
Internal auditing was being reduced by TDCJ's upper management at the same time that instances of major waste and abuse were escalating. TDCJ's explanation for unfilled audit positions was due to "budget constraints and (lack of) available office space." But over a year later, at least five internal audit positions in Huntsville were still unfilled, as of July 1996. TDCJ once again claimed there was no room to place additional internal auditors due to the continuing remodeling of Huntsville offices.
Poor information systems
Years of problems with TDCJ's computer systems compound the difficulty of implementing basic management control tools and anti-fraud technology. These long-standing problems were documented in Behind the Walls. Some of TDCJ's key information systems have improved little in the last two years. The problem was so bad that in May 1996, the governor publicly considered outsourcing one of TDCJ's information systems that tracks inmates and parolees. The Senate Committee on Criminal Justice in its September 1996 report emphasized that TDCJ's "deficient computer system handicaps the entire criminal justice system and makes informed decision making impossible." Clearly, the information systems improvements recommended in Behind the Walls have not been adequately implemented.
The Senate Committee on Criminal Justice is requiring TDCJ to fix these long-standing problems according to set deadlines. This gives TDCJ a window of opportunity to plan and install software edit checks and pattern recognition features into its automated systems. Software enhancements would flag questionable entries and transactions for closer monitoring by TDCJ managers, internal auditors, and outside audit groups. TDCJ would also have the opportunity to use its internal audit department in the systems design planning process to ensure that state-of-the-art software controls are built into the systems up front and not added as an afterthought.
Cash held outside the treasury
The majority of TDCJ's funding is from the state's General Revenue Fund. Balances of general revenue appropriations are held in the State Treasury, with transactions recorded in Texas' statewide accounting system. However, some TDCJ account balances and cash flows are managed outside the Treasury. TDCJ's 1995 annual financial report listed end-of-year cash balances of $10.2 million in cash held in local banks, $19 million in short-term investments, and $10 million in the Treasury. Legislative appropriations of $157.7 million also were held in the Treasury. In light of past financial abuses at TDCJ and as a prudent management step, closer examination and controls over outside accounts are warranted.
Decreased financial oversight
While TDCJ's operations have expanded in size, scope, and financial risk, financial audit oversight of TDCJ by the State Auditor's Office (SAO) appears to have been disproportionally low. According to a review of SAO by the consulting group KPMG Peat Marwick, SAO in fiscal 1993 worked 225 hours performing financial auditing at TDCJ, and this dropped to only 50 hours in fiscal 1994. In comparison, SAO's fiscal 1994 state and federal grant financial audit work at other large state agencies included 4,291 hours for the Employees Retirement System, 3,928 hours for the Teachers Retirement System, 10,656 hours for the Department of Human Services, and 5,683 hours for the Texas Department of Transportation. While SAO's total audit efforts in fiscal 1994 were the same as in 1990--around 237,000 audit hours--the percentage of financial auditing has declined not just at TDCJ but across the board. SAO's total financial audit hours decreased from 108,062 in fiscal 1990 to 67,962 in fiscal 1994, a decline of 37 percent.
In SAO's May 1996 statewide report of financial audit results, discussions of TDCJ comprised only one paragraph in 173 pages. TDCJ was not cited for internal control weaknesses, despite the fact that criticism of its financial management and contracting practices had been widely publicized by the media. The SAO report cited no findings regarding TDCJ, largely because of the limited scope of financial audit work at TDCJ. SAO stated that the "primary focus of our audit was [TDCJ's] compliance with significant bond covenants and presentation of board-related disclosures in the 1995 Annual Financial Report." Subsequently, SAO has greatly increased financial auditing and investigations of TDCJ. SAO was directed by the legislative Joint General Investigating Committee--a special committee charged with making recommendations regarding the prevention and detection of fraud in contracts with state agencies--to investigate TDCJ and other agencies in greater detail.
A. State law should consolidate all Texas Department of Criminal Justice (TDCJ) audit and program review functions--including internal auditing, contract auditing, and community justice assistance division auditing--with regular supervision and assistance by the State Auditor's Office (SAO).
TDCJ's lack of progress in improving its audit functions has been the responsibility of its executive director and board. To prevent further delay during this period of change, TDCJ's enabling statute should require the consolidation of all fiscal and program audit functions into a single Internal Audit Division.
During fiscal 1998 and 1999, TDCJ's consolidated Internal Audit Division should be regularly supervised and guided by the SAO. SAO should provide training and expertise until the newly consolidated audit department is operational and proven to be focused on areas of the highest dollars and risk. The size and risk of TDCJ's operations warrant these remedial actions by SAO.
SAO should also be an active partner in preparing TDCJ's 1998-1999 biennial audit risk assessment and audit plan. SAO should provide training to help senior TDCJ managers in designing effective internal audit plans. SAO should also provide anti-fraud audit training to all of TDCJ's program and fiscal auditors. Through these measures, SAO would provide advice and guidance to both the internal auditors and TDCJ managers.
Consolidating Community Justice Assistance Division (CJAD) program and fiscal monitors into the Internal Audit Division would kick-start CJAD's audit program, and would provide for an outside, independent evaluation of CJAD operations. This recommendation would eliminate long-standing gaps and duplications of audit efforts and provide more oversight over TDCJ audits. Consolidation would create a pool of cross-trained auditors who could then be focused on the highest risk areas, and be deployed with greater flexibility. This arrangement would also focus more of SAO's resources on scrutinizing financial accountability at TDCJ.
This recommendation would leave TDCJ's internal auditing with a staff of 45 authorized positions: 33 from the existing Internal Audit Division plus 12 positions transferred from CJAD. According to SAO, state agencies with more than $500 million in appropriations have an average of 13 internal auditors. As a percentage of total agency employment, large state agencies' internal audit staff average 0.12 percent of agency employment. Applying this formula to TDCJ's total staffing of about 39,000 comes to 47 internal auditors. By either measure, 45 auditors would provide TDCJ with sufficient internal audit staff.
B. The appropriations act should require TDCJ to design and install anti-fraud detection enhancements into all new, upgraded, or revised computer systems.
As TDCJ continues installing new systems and improving old ones, basic automated "red flags" should be designed into the computer systems.
C. State law should be amended to require that all of TDCJ's funds be deposited to the State Treasury, including trust funds and any other special accounts.
This provision would add another level of accountability over revenue, expenditures, and account balances under TDCJ's operating and fiduciary control. All cash flows and account balances of any and all TDCJ-related funds should be in the Treasury, with enforceable penalties for violating this requirement.
Many of these recommendations can be achieved with little or no additional costs using TDCJ's extensive resources. Savings would come from consolidating audit efforts within TDCJ; by eliminating duplicate auditing; and by making fraud and abuse much more difficult to commit without detection.
Auditing can be made more productive while simultaneously reducing TDCJ's combined audit staff by 26 FTEs. At an estimated cost of $45,000 per auditor--including salaries, benefits, equipment, supplies, and travel--this would save $1,170,000 annually. TDCJ would still have a sizable audit unit, with a combined fiscal and program audit staff of 45 employees (not including the more than 100 Internal Affairs investigators).
Strengthening management controls and targeting audit efforts would reduce waste and fraud, though the amount of dollar savings cannot be precisely estimated. Given the size of TDCJ's operations and contracts, improved controls and oversight easily could save tens of millions of dollars annually.
The following savings would be achieved by reducing TDCJ's appropriations to reflect audit positions no longer needed.
Fiscal Savings to the Change Year General Revenue Fund in FTEs 1998 $1,170,000 -26.0 1999 1,170,000 -26.0 2000 1,170,000 -26.0 2001 1,170,000 -26.0 2002 1,170,000 -26.0
 Texas Comptroller of Public Accounts, Texas Performance Review, Behind the Walls: The Price and Performance of the Texas Department of Criminal Justice (Austin, Texas, April 7, 1994), pp. 81-86 and 357-359.
 Interview with Bonita White, field operations deputy director, Susan Cranford, director, and staff, Texas Department of Criminal Justice-Community Justice Assistance Division, Austin, Texas, July 25, 1996.
 Texas Department of Criminal Justice, Internal Audit Division, CPA-CSCD Audits (Austin, Texas, May 30, 1996), pp. 3-5.
 Office of the Texas State Auditor, A Review of the Harris County Community Supervision and Corrections Department (Austin, Texas, June 1996), pp. 1, 7, 9, 10, 13, and 19.
 Interview with Bonita White, Susan Cranford, and staff.
 Office of the Texas State Auditor, Status Report to the Joint General Investigating Committee on State Agency Contracting Practices (Austin, Texas, June 6, 1996), pp. 18-19.
 Texas Department of Criminal Justice, Internal Audit Division, CPA-CSCD Audits, pp. 3-5.
 Texas Department of Criminal Justice, Internal Audit Division, CPA-CSCD Audits, p. 16.
 Interview with Bonita White, Susan Cranford, and staff.
 Texas Department of Criminal Justice, Quality Assurance Review--Internal Auditing Department, by Richard H. Tarr, CISA, CIA (Austin, Texas, July 1995), pp. 18, 23.
 Interview with Bonita White, Susan Cranford, and staff.
 Texas Department of Criminal Justice, Quality Assurance Review--Internal Auditing Department, pp. 12-13.
 Texas Comptroller of Public Accounts, Behind the Walls: The Price and Performance of the Texas Department of Criminal Justice, pp. 195-238.
 Texas Senate Committee on Criminal Justice, Interim Report to the 75th Legislature (Austin, Texas, September 1, 1996), pp. 8-9.
 Texas Department of Criminal Justice, Annual Financial Report for the Year Ended August 31, 1995 (Austin, Texas, December 1995), pp. 4-5.
 KPMG Peat Marwick, An Independent Review of the State Auditor's Office (Austin, Texas, June 1995), Appendix 5, p. 1.
 KPMG Peat Marwick, An Independent Review of the State Auditor's Office, Appendix 5, p. 1.
 KPMG Peat Marwick, An Independent Review of the State Auditor's Office, p. 16.
 Office of the Texas State Auditor, 1995 Financial and Compliance Audit Results (Austin, Texas, May 1996), p. 152.
 Office of the Texas State Auditor, 1995 Financial and Compliance Audit Results, p. 152.
 Office of the Texas State Auditor, Evaluating the Effectiveness of Internal Audit (Austin, Texas, November 1994), p. 7.
|Texas Comptroller of Public Accounts|| Window on State Government|
Privacy and Security Policy