Confidential Proofed Draft #1—12/10/08 December 2008
General Assembly of Pennsylvania
Financial statement audit results
Report to the Legislative Audit
Advisory Commission of the
Commonwealth of Pennsylvania
Introductory letter ............................................................................................................................................................. 1 Statement on Auditing Standards (SAS) No. 114 communications......................................................................................... 2 Management letter ........................................................................................................................................................... 4
December 17, 2008
Members of the Legislative Audit Advisory Commission
Commonwealth of Pennsylvania
Dear Members of the Legislative Audit Advisory Commission:
We are pleased to present the results of our audit of the statement of financial affairs (the financial statement) for the fiscal year
ended June 30, 2008 of the General Assembly of Pennsylvania.
This report to the Legislative Audit Advisory Commission summarizes our audit, the scope of our engagement, and key
observations and findings from our audit procedures. The document also contains the communications required by our
professional standards to the Legislative Audit Advisory Commission.
The audit was designed to express an opinion on the financial statement for the fiscal year ended June 30, 2008. In accordance
with professional standards, we obtained a sufficient understanding of internal control to plan the audit and to determine the
nature, timing, and extent of tests to be performed. However, we were not engaged to and we did not perform an audit of internal
control over financial reporting.
As required by Statement on Auditing Standards No. 114, we are bound to restrict the use of this report to those familiar with the
financial operations and systems used to produce the financial statement. This report is, accordingly, intended solely for the
information and use of the Legislative Audit Advisory Commission and management, and is not intended to be and should not be
used by anyone other than these specified parties.
We appreciate this opportunity to meet with you to discuss the contents of this report and answer any questions you may have
about these or any other audit-related matters.
Very truly yours,
Stephen A. Baloga
Statement on Auditing Standards (SAS) No. 114
Auditors’ responsibilities under generally accepted auditing standards (GAAS) The financial statement is the responsibility of management. Our audit is a financial audit that was designed in accordance with
auditing standards generally accepted in the United States to provide reasonable, rather than absolute, assurance that the
financial statement is free of material misstatement. As a part of our audit, we obtained an understanding of internal control
sufficient to plan the audit and to determine the nature, timing, and extent of testing performed. However, as is typical for
government entities and as allowed under GAAS, we were not engaged to and we did not perform an audit of internal control over
financial reporting, i.e., an internal control audit.
We will issue an unqualified opinion on the General Assembly’s financial statement for the fiscal year ended June 30, 2008. Significant accounting policies
The accounting policies are disclosed in the notes to the financial statement and are consistent with prior years.
Auditors’ judgments about the quality of accounting principles Management has consistently applied accounting principles as disclosed in the notes to the financial statement. Judgments
applied and disclosures made are reasonable.
Management’s judgments and accounting estimates
There were no significant management judgments or accounting estimates.
Methods of accounting for significant unusual transactions and for controversial or emerging
There were no transactions during the year for which the accounting is in a controversial or emerging area.
We are required to inform the Legislative Audit Advisory Commission about adjustments arising from the audit (whether recorded
or not) that could in our judgment either individually or in the aggregate have a significant effect on the financial statement.
There were no significant audit adjustments, recorded or unrecorded, for the fiscal year ended June 30, 2008.
Fraud, and illegal acts
During the fiscal year ended June 30, 2007, the Attorney General’s Office initiated an investigation into the propriety of
supplemental payroll (bonus) payments paid to certain General Assembly employees during the fiscal year and other activities of
This investigation is ongoing, and we have been informed by management that the impact of the investigation is not expected to have a material effect on the financial statement for the fiscal year ended June 30, 2008.
Material weaknesses in internal control
We noted no material weaknesses in internal control; however, as described in the attached management letter, we noted significant deficiencies in internal control relating to the General Assembly’s financial statement close process and the processing of expenditures through committee and leadership checking accounts for the House of Representatives. We also noted information technology general controls deficiencies and other items, as described in the attached management letter.
Disagreements with management on financial accounting and reporting matters None.
Serious difficulties encountered in performing the audit
Major issues discussed with management prior to retention
Consultation with other accountants
We are bound by professional standards as far as independence is concerned. We are not aware of any relationships between Ernst & Young and the General Assembly of Pennsylvania that, in our judgment in accordance with professional standards, may reasonably be thought to bear on our independence.
December 17, 2008
The Legislative Audit Advisory Commission of the
Commonwealth of Pennsylvania
In planning and performing our audit of the financial statement of the General Assembly of Pennsylvania (“the General Assembly”)
as of and for the fiscal year ended June 30, 2008, in accordance with auditing standards generally accepted in the United States, we considered its internal control over financial reporting (“internal control”) as a basis for designing our auditing procedures for the purpose of expressing our opinion on the financial statement, but not for the purpose of expressing an opinion on the
effectiveness of the General Assembly’s internal control. Accordingly, we do not express an opinion on the effectiveness of the General Assembly’s internal control.
Our consideration of internal control was for the limited purpose described in the preceding paragraph and would not necessarily identify all deficiencies in internal control that might be significant deficiencies or material weaknesses. However, as discussed below, we identified certain deficiencies in internal control that we consider to be significant deficiencies.
A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal
course of performing their assigned functions, to prevent or detect misstatements on a timely basis. A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the entity’s ability to initiate, authorize, record, process, or report financial data reliably such that there is more than a remote likelihood that a misstatement of the entity’s financial statements that is more than inconsequential will not be prevented or detected by the entity’s internal control. A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote
likelihood that a material misstatement of the financial statements will not be prevented or detected by the entity’s internal control.
During our audit, we noted the following matters involving internal control over financial reporting and its operation that we
consider to be significant deficiencies, as defined above.
The General Assembly of Pennsylvania is statutorily organized by the Senate, House of Representatives (House), and various
legislative service agencies. The Senate and House are further statutorily organized by Republican and Democratic caucuses.
Each of these separate entities and caucuses has independent and differing financial rules and policies (i.e., a decentralized
environment). Appropriation activity is tracked internally through financial information systems by each respective entity on the budgetary basis of accounting, and by utilizing the “Status of Appropriations,” a report produced by the Pennsylvania Treasury Department, which tracks appropriation activity monthly. Accordingly, the financial information systems and supporting staff
utilized by the General Assembly are designed and trained to track appropriation activity on a budgetary basis of accounting,
which is a comprehensive basis of accounting other than accounting principles generally accepted in the United States (GAAP).
The General Assembly is required to produce entity-wide financial statements annually. Revenue (appropriations) and
expenditure activity is included in the financial systems of the Pennsylvania Office of the Budget on a budgetary basis via an
interface from the Pennsylvania Treasury Department; however, the General Assembly is also required to provide the
Pennsylvania Office of the Budget with the activity or balances consistent with accounting principles generally accepted in the
United States (GAAP) for inclusion in the Commonwealth-wide Comprehensive Annual Financial Report.
The decentralized environment and financial systems of the General Assembly are not designed to produce entity-wide financial
statements or reflect activity or balances consistent with accounting principles generally accepted in the United States (GAAP).
Beginning in fiscal year ended June 30, 2007, the General Assembly began preparing commitment amounts (e.g., accounts
payable, accrued payroll, etc.) to enhance the presentation of its financial statement. These amounts reflect expenditures
incurred during the fiscal year, but paid in the subsequent fiscal year, and provide a better analysis of uncommitted funds
available at the end of the fiscal year.
We recommend that the General Assembly consider developing/enhancing the financial statement close process, including
centralized financial information systems and controls, necessary to record, process and report financial data consistent with the
above-noted reporting requirements (entity-wide financial statements, accumulation of commitments related to appropriations
and GAAP balances for inclusion in the Commonwealth-wide Comprehensive Annual Financial Report). Listed below are
examples, including, but not limited to, financial statement close process and/or financial reporting and related systems
enhancements that should be considered:
• System-Related Enhancements — implementation of a general ledger system that enhances the General Assembly’s ability
to initiate, authorize, record, process, and report financial data (by agency) utilizing a double-entry accounting system;
• Financial Reporting Presentation — presenting expenditures by category (e.g., salaries and wages, benefits, rent, furniture,
equipment, etc.), by appropriation, in the financial statement may provide users of the financial statement with more
detailed information as to natural expenditure classifications; and
• Universal/Centralized Leave Policy — the House of Representatives should consider adopting a universal and centralized
leave policy that allows for a consistent and all-inclusive leave tracking system to measure and control accrued leave
liability commitments. Such a universal and centralized leave policy would be consistent with that which is currently
employed by the Senate of Pennsylvania.
Reimbursement of expenses for various appropriations maintained by committee chairmen and leadership of the House of
Representatives is made from contingency accounts (conventional checking accounts), which are also maintained by the
respective committee chairmen and leadership.
The Rules of the House of Representatives require committee chairmen and leadership responsible for contingency checking
accounts to prepare “Statements of Monthly Expenditures” reports (i.e., Rule 14 reports). Although the Rule 14 report documents certain expenditure information, it does not appear to always adequately document the
specific business/legislative purpose related to each expense item. Failure to document legislative purpose for expenses
incurred could subject members/employees to IRS regulations whereby these expenses could be considered income and not
expense reimbursements. The House would then be required to complete IRS Form W-2 for such expenses.
Additionally, the advancement method for expense reimbursement inherently contains segregation of duties issues relating to
the cash disbursements, cash receipts (advancements) and reconciliation processes.
Furthermore, one Committee processes payroll through their checkbook and not through Treasury. Each payroll processed
through LDP generates a Voucher Transmittal (VT). During the period covered by our audit, we noted that procedures did not exist
whereby a supervisory employee reviewed the VT as a means to authorize and approve the remittance of payroll. We note that the
checkbook custodian processes payroll through the checkbook for both manual and direct deposit paychecks. The Committee
Comptroller writes and the Committee Chairman signs the manual payroll checks generated from the payroll processed through
LDP, but during our audit period, there was no independent review or approval of direct deposit payroll transactions. As a result,
the checkbook custodian was able to review and approve his or her own payroll as a direct deposit transaction. We have been
informed that starting in fiscal year 2008/2009 (after our audit period) the executive director reviews the VT and direct deposit
transactions (with signature) as a means to authorize and approve the remittance of payroll transactions.
The recording of expenditures from the conventional checking accounts does not consistently follow the same expense coding or
classifications as expenditures made from the Legislative Financial System (LFS). As a result, this would impact the General
Assembly’s ability of reporting expenditures on an entity-wide basis by expense category. 0812-1011875-PH 6
Consistent with our prior-year recommendation, consideration should be given to consolidating the individual committee and
leadership checking accounts into one account controlled by the House Comptroller’s Office, similar to the practice currently being utilized by the Senate Chief Clerk’s Office. Alternatively, consideration should be given to processing such expense
reimbursements by the House Comptroller through the Pennsylvania Treasury Department. Both reimbursement methods would
improve internal controls over such funds by subjecting such expenditures to a timely review by the Comptroller’s Office. In addition, the legislative purpose should be documented for each expenditure item.
Absent any changes to the current House advancement method of expense payment/reimbursement, consideration should be
given to alternative internal control enhancements, including, but not limited to, reduction of advancement and checkbook
balance amounts; enhanced descriptions of legislative purpose of Rule 14 reports; the processing of all payroll transactions
through Treasury, the acceleration of checkbook audit procedures and/or the introduction of an internal audit function for more timely and frequent audits; and the coding of expenditures consistent with that of LFS.
We have been informed that beginning with the new 2009-2010 legislative session the House Comptroller’s Office will be taking
over the reimbursement of various committee expenses. Committee chairmen will no longer have checkbooks for committee
expenses but will request reimbursement of these expenses through the Comptroller’s Office. Various leadership, LSA, petty
cash and benefit accounts will remain open.
During our audit, we also noted the following control deficiencies (as described above) relating to our IT General Controls review of the Legislative Data Processing Committee (LDPC) and other matters we feel are worthy of your attention:
A periodic monitoring of program changes implemented into the production environment is not performed. Program changes that
are inappropriate or unauthorized may be moved into the production environment without management’s knowledge or approval. As a result, there is a risk that unauthorized or incorrect program changes can be made.
We recommend that periodic reviews of program changes implemented to the production environment be conducted to
determine that only appropriate and authorized program changes are implemented. Any unknown program updates should be
researched and formally approved by management.
The LDPC Lead Financial Applications Developer, responsible for making changes to the Legislative Personnel System (LPS) and
Legislative Financial System (LFS) applications, is also the person who approves the changes that are migrated into production. Updated program code may be implemented into the production environment without appropriate review and approval. As a
result, this segregation of duties concern poses a risk that unauthorized or incorrect program changes will be made without
In an effort to enforce adequate segregation of duties, we recommend that users with the ability to implement changes to the
production environment be separated from users with the ability to approve those changes. In the event that this is not feasible given the limited resources, management should institute a reasonable detective control to systematically log and review actual changes made to the application environment.
User access to the LPS and LFS applications is not being reviewed periodically by the departments that request the user’s access. Unauthorized accounts may be created that can be used to perform unauthorized activities. Also, terminated employees might
have active accounts with access to the applications if the termination review is not performed properly.
We recommend that formal, documented procedures be developed and executed for the timely maintenance of User IDs.
Management should periodically review user access to critical systems and applications to ensure access granted is reasonable
given personnel responsibilities within the organization and the results of those reviews should be documented and retained
As a matter of good fiscal policy, the General Assembly should consider current measurable commitments (e.g., accounts
payable, accrued payroll, lease commitments, etc.) as well as other types of commitments (e.g., post-employment retirement
benefits for retired employees, future payments of unused employee compensated leave, etc.) in the monitoring and
establishment of financial reserves (continuing appropriation balances). Accordingly, the General Assembly should consider