A Performance Audit
An Audit Report on The Department of Family and Protective Services' Adult Protective Services Investigations
August 2018
Summary Analysis
The Department of Family and Protective Services' (Department) did not consistently follow its policies and procedures for performing in-home investigations related to Adult Protective Services (APS). This increases the risk that allegations of abuse, neglect, or financial exploitation may not be adequately investigated and addressed. Specifically, the Department did not always:
- Make regular contacts with clients to ensure their safety as required by its policies.
- Follow its policies and procedures related to supervisory approval of cases.
- Follow its policies and procedures when determining that clients were ineligible for services.
The Department made adequate efforts to address client needs that it identified. Additionally, the Department ensured that it provided purchased client services only to eligible individuals, and it authorized and monitored those services in accordance with most applicable requirements. However, it should improve its controls over user access to certain information systems that contain confidential information.
The Department has policies and procedures that require caseworkers to make periodic contacts to verify that the clients are safe both during investigations and when the clients continue to receive ongoing services after the Department closes an investigation. However, the Department did not always follow those procedures. Specifically:
- In 4 (33 percent) of 12 investigations tested, caseworkers did not contact clients to verify their safety at least 1 or more times every 30 days as required by the APS In-Home Investigations Handbook. For those four investigations, the caseworkers did not make any contacts with the clients for time periods ranging from 69 days to 266 days while the investigation was open. In each of the four of the cases, the caseworker performed an initial safety assessment and determined the client was safe with no immediate interventions needed.
- In 7 (47 percent) of 15 cases tested in which the client was receiving ongoing services after the investigation was complete, caseworkers did not make the required number of contacts. For those seven cases, the caseworkers did not make any contacts with the clients for time periods ranging from 34 days to 114 days. The APS In-Home Investigations Handbook requires caseworkers to make contact at specified frequencies with clients receiving ongoing services to help ensure client safety and verify that services are meeting client needs.
According to the APS In-Home Investigations Handbook, timely supervisory review prior to case closure is one of the Department's primary controls for ensuring that it performs in-home investigations in accordance with applicable requirements and that clients are not left in a state of abuse, neglect, or financial exploitation. However, in 2,056 investigations closed from September 1, 2016, through January 31, 2018, the supervisor approving the investigation for closure was also assigned as the caseworker for the investigation. In addition, the Department's case management system does not prevent supervisors from submitting cases to themselves for approval.
In addition, the Department did not always conduct supervisory reviews within required timelines. Specifically, in 19 (31 percent) of 61 cases tested for compliance with timeliness requirements for supervisory review, the Department did not conduct a supervisory review within 10 days after the cases were submitted for review, as required by its policies. The review timeframes for those 19 cases ranged from 11 days to 86 days after the cases were submitted for approval. Not conducting a supervisory review in a timely manner could delay the identification of issues that should be addressed to help protect clients.
The Department's policies and procedures require caseworkers to initiate investigations within certain timeframes, perform required assessments of client safety, and make adequate efforts to address client needs.
Initiating Investigations
For 25 (96 percent) of 26 investigations tested, the Department followed those policies and procedures. However, the Department did not initiate an investigation for one case until more than six months after receiving a complaint of medical self-neglect. The Department's policy requires investigations to be initiated within 24 hours of receiving a complaint.
Investigating Allegations
Auditors tested an additional sample of 15 investigations to determine whether the Department addressed allegations in accordance with its policies and procedures. For all 15 investigations, the Department ensured that it reached a conclusion for all allegations associated with those investigations and that those conclusions were supported.
For a separate sample of 15 investigations tested, the Department interviewed the clients (alleged victims of abuse) in all 15 of those investigations. However, the Department did not interview the alleged perpetrator for 1 (7 percent) investigation tested and did not interview the person reporting an allegation in 3 (20 percent) investigations tested.
Addressing Client Needs
For all 15 cases tested in which the client was receiving ongoing services after the investigation, the Department made reasonable efforts as required to address client needs as identified in the service plan prior to closing the case.
The Department generally followed its policies and procedures for closing certain types of investigations. However, it did not always make all efforts that its policies and procedures require in investigations closed due to a client's refusal to cooperate.
Investigations Closed Without Completion of All Requirements
The Department's policies and procedures allow the Department to close investigations without completing all requirements when circumstances make completing those requirements unfeasible or unnecessary. Auditors tested 29 investigations that were closed without completing all requirements and determined that the Department followed its policies and procedures for all of those investigations.
Investigations Closed When Clients Refuse to Cooperate
Because the Department's clients are adults, they can refuse to cooperate with the Department during an investigation. The Department has policies and procedures for closing investigations in which the client refuses to cooperate with an investigation. Auditors tested 12 investigations that the Department closed because the client refused services and identified instances in which the Department did not follow its policies and procedures for 5 of those investigations.
The Department did not follow its policies and procedures when determining that clients were ineligible for APS in-home services in 3 (12 percent) of 25 cases tested. Specifically:
- In two cases, the Department did not document a valid reason for not investigating an allegation(s) or providing services prior to closing the case as ineligible. Department policies require APS to investigate all allegations related to eligible individuals. After auditors brought the two cases to its attention, the Department stated that its caseworkers should have investigated further prior to closing the cases. Determining that a client is ineligible for services without a valid reason could leave eligible clients at risk of abuse, neglect, or exploitation.
- One case should have been referred to a different division for investigation; however, because the case was closed as ineligible, it was not. According to Department documentation, the case would have been within the jurisdiction of APS Provider Investigations, which investigates allegations of abuse, neglect, and exploitation of individuals receiving services from certain providers. While information in the case file indicated that the client's needs were met and the service provider was changed, the allegation against a service provider was not investigated because the Department did not refer this case back to Statewide Intake so that it could be re-routed to APS Provider Investigations.
The Department ensured that all 25 clients tested who received purchased client services were eligible, and it documented the basis for the clients' eligibility for services in the case files.
Additionally, the Department had controls and processes in place to ensure that purchased client services transactions were for allowable goods and services, met a documented need, and had the required approvals. Auditors tested 25 purchased client services transactions, totaling $65,267 for compliance with certain requirements and determined that the Department generally followed its policies. Specifically, all 25 transactions tested:
- Were for allowable goods or services.
- Met a documented client need.
- Were approved by a supervisor and Department contracting staff.
Auditors identified weaknesses in the Department's user access management and access control processes for certain information systems that contain sensitive and confidential information.
To minimize security risks, auditors communicated details about the identified weaknesses directly to Department management in writing. Inadequate management of user access increases the risk of unintentional or unauthorized modification to data, disclosure of sensitive or confidential information, and misuse of the organization's information assets.
Graphics, Media, Supporting documents