HARTFORD, CT – The Office of Legislative Management should strengthen and improve internal controls to ensure it complies with laws, regulations, and policies, a recent audit recommends.
The audit, conducted for fiscal years ending in June 2022 and 2023, found three deficiencies in the department, including missing Family and Medical Leave Act (FMLA) forms, failure to promptly report losses, and failure to implement an IT framework to mitigate exposure to various technology risks.
The Office of Legislative Management, overseen by Executive Director Jim Tamburro, provides administrative and operational support for the Connecticut General Assembly.
During the audited period, the office had 52 employees on medical leave for more than 10 consecutive days, totaling 1,490 days. Auditors reviewed 15 employees on medical leave selected at random, totaling 357 days, and found that although the office had medical certificates on hand, it could not find seven FMLA forms for four employees. An additional 11 required forms were dated seven to 77 days late or were missing dates, according to the audit.
“Missing or late FMLA documentation may result in noncompliance with FMLA guidelines and state policies,” the audit points out. “The lack of documentation to support medical leaves appears to be the result of a lack of management oversight.”
Missing FMLA documentation was also reported in two prior audits, covering the fiscal years 2018 through 2021.
The department said in its response that it will review its internal controls to ensure it administers medical leave in accordance with FMLA guidelines.
“JCLM [Joint Committee on Legislative Management] has always followed the law in granting and managing leaves but understands the importance of documentation supporting medical leaves of absence,” stated in its response.
The office also filed two loss reports during the audited period but did so several months after the losses were discovered, the audit shows. The first loss report contained 14 equipment items totaling $81,238, which was flagged during an inventory review in June 2021, but the loss was not reported until October 2021. The second report contained 10 items totaling $37,920 identified as missing in June 2022, but not reported until September 2022, the audit shows.
“Untimely loss reporting limits the state’s ability to effectively monitor state resources,” auditors said in their report.
In its response, the department said it will “endeavor to improve the timeliness” of its loss reports.
Auditors also recommended that the IT office document its information technology general controls over the Peoplesoft financial and human resources modules, a program it has customized to process financial, payroll and personnel transactions. The department should also consider adopting control objectives for IT, called COBIT objectives, to mitigate information technology risks, auditors recommended.
The department said that while it works “diligently” to provide a secure platform, it agrees with this recommendation and will pursue the documentation of its IT general controls in accordance with the COBIT framework.
link