Merry Christmas to the AOC – From State Auditor Elaine Howle

Posted on December 26, 2013

79


Released just before Christmas is a new audit report on the AOC’s compliance with judicial branch contracting law that can be found here. The summary of conclusions follows along with some notes from the JCW team.

Judicial Branch Procurement:

Semiannual Reports to the Legislature Are of Limited Usefulness, Information Systems Have Weak Controls, and Certain Improvements in Procurement Practices Are Needed

HIGHLIGHTS

Our review of implementation of the California Judicial Branch Contract Law highlighted the following:

  • Pervasive deficiencies in selected information system controls.
    • These weaknesses could compromise the security and availability of the systems.
    • The data in these systems that the Administrative Office of the Courts (AOC) and superior courts use for their day-to-day operations could lead to an incorrect or improper conclusion.
    • From JCW: The deficiencies in information system controls are so bad and the systems are so compromised that a separate, sealed report was issued to the AOC for their eyes only. Part of this is that the AOC has hundreds of employees and contractors but maintains thousands of active accounts across all of their systems, including those maintained at the California Courts Technology Center where many small courts get their IT services from. When an employee or a contractor leaves or retires, they often preserve the account enabled with the full load of permissions they previously enjoyed unless the employee has been terminated. 
  • Shortcomings in the format of the semiannual report limit its usefulness.
    • More than 770 of the 795 pages consisted of individual payment transactions, contracts, and contract amendments.
    • The report is not provided in an electronic format where the data can readily be sorted or filtered to allow users to quickly and effectively locate certain information. From JCW- They could have just as easily left the document in an excel format but to ensure that no one could hold them accountable, they turned that excel sheet into a pdf file that was 770 pages long and requires you to individually search every page instead of sort on entry types.
    • It does not include other important information, such as the history of each contract amended during the reporting period and whether the contract was made with a Disabled Veteran Business Enterprise.
  • A competitive process to procure goods and services was not used in some of the procurements made by the eight judicial branch entities (judicial entities) we reviewed. JCW – In essence, the state auditor is saying that there are lawbreakers associated with this new law. But who exists to enforce the law?
  • The AOC did not correctly evaluate bids for competitive procurements in two instances.
  • The AOC and the judicial entities did not properly document their justifications for using sole-source procurements in nine instances totaling $1.6 million.

RESULTS IN BRIEF

As required by the California Judicial Branch Contract Law (judicial contract law) enacted in 2011, the Administrative Office of the Courts (AOC) maintains the Judicial Branch Contracting Manual (judicial contracting manual), which outlines procedures for judicial branch personnel to use when procuring goods and services.1 Further, the AOC has begun issuing a semiannual report on procurement activities by the judicial branch, as the judicial contract law requires. We reviewed the implementation of the judicial contract law by the AOC as well as by eight other judicial branch entities (judicial entities), and we found that although these entities are generally complying with the law’s requirements and with the provisions of the judicial contracting manual, they need to improve certain practices and ensure that staff dealing with procurements are trained in the proper procedures and documentation process.

In February 2012, on behalf of the Judicial Council of California (Judicial Council)—the policy-making body of the California courts—the AOC began submitting the semiannual reports to the Joint Legislative Budget Committee and the California State Auditor, using procurement data from its Oracle Financial System and Phoenix Financial System. However, we identified pervasive deficiencies in our review of selected information system controls over these two systems. These weaknesses could compromise the security and availability of the AOC’s and superior courts’ information systems, which contain sensitive information such as court case management records and human resources data. Consequently, we determined that an unacceptably high risk exists that data the AOC and the superior courts use for their day-to-day operations could lead to an incorrect or improper conclusion.

Further, shortcomings in the semiannual report’s format have resulted in a report with limited usefulness to decision makers and other users. For example, the most recent report spanned 795 pages, of which more than 770 pages consisted of a listing of individual payment transactions, contracts, and contract amendments. Despite the size of the report, the AOC provided it in a format where the data cannot be readily sorted or filtered. Consequently, users cannot easily identify high-risk payment transactions, contracts, contract amendments, and other information that might be of interest. For example, a user looking to identify the most costly contracts or payments would need to review each entry listed in the various sections of this lengthy report to identify the relevant information. We believe that it is possible to present the report in an electronic format that allows users to quickly and effectively locate certain information. Further, we believe the AOC should include additional information in the semiannual reports, such as the history of each contract amended during the reporting period and whether the contract was made with a Disabled Veteran Business Enterprise, and should ensure that it tracks this information in its data systems.

Our review of procurements that the eight judicial entities conducted found that some did not consistently use a competitive process to procure goods and services. The judicial contracting manual generally requires the AOC and judicial entities to use a competitive process for procurements of $5,000 or greater. Some procurements, such as those for legal services, are exempted from this requirement. However, four of the judicial entities could not demonstrate that they competitively procured goods or services in five of the 15 instances we reviewed for which competition was required; these goods and services totaled approximately $154,000. For example, we found that two judicial entities did not acquire multiple offers when using the California Multiple Award Schedules to obtain goods, as required for those procurements. In addition, the AOC did not competitively procure information technology goods in one of 16 procurements we reviewed for which competition was required.

Moreover, we found that the AOC did not correctly evaluate bids for competitive procurements in two instances. Although the errors did not negatively affect the outcome in these instances, such errors have the potential to affect decisions regarding vendors. Moreover, the AOC and the judicial entities did not properly document their justifications for using sole-source procurements rather than a competitive process in nine instances totaling $1.6 million. Some staff at the judicial entities stated that additional training in procurement practices would be beneficial. A manager at the AOC stated that the AOC had offered some training, but he agreed that judicial entities likely need additional training. However, the format, scope, and logistics of training to be offered in the future are yet to be determined.

Finally, state law requires the policies and procedures in the judicial contracting manual to be consistent with the California Public Contract Code and substantially similar to the provisions contained in the State Administrative Manual and the State Contracting Manual, which we generally found to be the case. In addition, the AOC’s and judicial entities’ local contracting manuals generally include information that the judicial contracting manual states that local manuals must or should address.

RECOMMENDATIONS

To improve the usefulness of the Judicial Council’s semiannual reports, the Legislature should amend the Judicial Branch Contract Law to require that the Judicial Council make the semiannual reports available in an electronic format that allows users to readily sort and filter the data. Further, the Legislature should require the Judicial Council to include additional information in the semiannual reports. This additional information should include items such as the history of each contract amended during the reporting period and whether the contract was with a Disabled Veteran Business Enterprise. Until a statutory requirement is enacted, the AOC should work with the Judicial Council to pursue a cost-effective method to implement these changes. The AOC should also ensure that it tracks the additional information in its data systems.

The AOC should immediately begin implementing improvements to its controls over its information systems.

The AOC and certain judicial entities should implement procedures to ensure that they follow a competitive process for their procurements when required.

The AOC should strengthen its procedures to ensure that bid evaluations are conducted properly and calculated correctly.

The AOC and certain judicial entities should implement procedures to ensure that they properly document their justifications of sole-source procurements.

The AOC should provide additional training to its staff and the judicial entities on how to conduct procurements in compliance with the judicial contracting manual.

AGENCY COMMENTS

The judicial entities agreed with all the recommendations we directed to them, and several outlined steps they have taken or will take to implement them. Although the AOC agreed to implement some of our recommendations, it expressed concerns about the conclusions we reached regarding weaknesses in its information systems. Further, the AOC stated that it is willing to pursue a cost-effective method to provide in the semiannual report the additional information we recommended. However, the AOC noted that the additional information is not currently statutorily mandated and stated that it is uncertain, unless additional funding is provided, whether it could implement the recommendations within the time frame requested.

JCW- “Expressed concerns” equates to “Make this part of the report private so that no one (especially our many court customers) can nail down how compromised our systems really are” which is what the state auditor ended up doing.

_____________________________________________________

From JCW:

This audit is yet another reason for a full-blown audit of the Judicial Council and the Administrative Office of the Courts AND their thus untouchable construction programs. This time of year is when legislators craft their signature legislation for the year. Are there going to be any heroes in the assembly and or the senate that will reign in this rogue outfit?

Also – a new petition was spotted in a search…….suggesting an audit of judicial branch governance.(link)