A Performance Audit
An Audit Report on Child Care Services for Children in Protective Services at the Texas Workforce Commission and the Department of Family and Protective Services
October 2019
Summary Analysis
The Texas Workforce Commission (TWC) administered child care services for more than 52,000 children in protective services between September 1, 2017, and January 31, 2019. However, TWC did not ensure that child care attendance was accurately reported and tracked for those children. The accuracy of recorded attendance and absences for children in protective service is important because it is used by the Department of Family and Protective Services (DFPS) to monitor and follow-up on the safety of the children receiving care.
Child care was billed at allowable rates by Workforce Boards. Auditors visited two Workforce Boards and verified that day care services for all 120 children tested had the required authorizations and were billed at allowable rates. In addition, authorized services were provided by eligible child care providers. However, TWC and the Workforce Boards should improve certain controls to ensure that child care authorizations are processed accurately and within the required timeframes.
DFPS reimbursed TWC for eligible child care expenses in accordance with its contract. However, it should improve the timeliness of its monthly billing rejection reports it is required to provide to TWC.
TWC did not report attendance to DFPS as required by its child care contract and it did not ensure that its Workforce Boards were adequately monitoring to verify that attendance was being recorded as required. The accuracy of recorded attendance and absences for children in protective services is important because DFPS uses that information to monitor and follow-up on the safety of the child receiving care.
TWC uses a swipe card system to track attendance at child care providers and all attendance is required to be reported in this system. However, TWC and the Workforce Boards do not ensure that swipe cards are consistently used as required.
Specifically, of all absences reported to DFPS from September 1, 2017, through January 31, 2019, for children in protective services, 93.3 percent were due to attendance not being swiped in the attendance system; only 6.7 percent were swiped and reported as a confirmed absence as required. As a result, there is a risk that absences were significantly over reported, which may put a strain on DFPS caseworkers who are required to follow up on the absences.
At the two Workforce Boards that auditors visited, day care services for the 120 children tested had the required authorizations and were billed at allowable rates. In addition, all child care providers for the time period reviewed did not have any adverse actions that would preclude them from providing care to children in protective services.
Timeliness of entering service authorizations. To help ensure that there is no delay in placing a child in protective services into child care, Workforce Board’s child care contractors are required to enter service authorizations into The Workforce Information System of Texas (TWIST) within three days of when they received those authorizations from DFPS. However, the two Workforce Boards audited did not ensure that their child care contractors consistently entered that information within the required timeframe.
Accuracy of entering service authorizations. The two Workforce Boards tested did not consistently ensure that their child care contractors entered accurate child care information into TWIST from the service authorizations.
Examples of errors entered in TWIST at both Workforce Boards included inaccurate dates of birth, Social Security numbers, and spelling of the name of the child and/or caregiver. This key information entered from the child care service authorizations are used by DFPS during billing to reconcile and process payments. Accurately entering this information is important to minimize the number of payment rejections that TWC and Workforce Boards must address during the contract year.
DFPS should improve the timeliness of its monthly billing rejection reports to TWC. Upon receipt of TWC’s monthly invoices, DFPS reconciles data in its case management system (IMPACT) with information recorded in TWC’s TWIST system for key child, caregiver, and payment information.
If the required number of key fields in TWIST does not reconcile to the information in IMPACT for the child and caregiver, then IMPACT will automatically reject payment for those services included in the monthly invoices. The rejected payments are then reviewed by DFPS staff, who list the payments that TWC must resolve in a rejection report that is provided to TWC.
DFPS did not provide TWC with billing rejection reports on a monthly basis as required by its child care contract for 6 (35.3 percent) of the 17 months tested. However, subsequent reports did include the rejected payments for the months missed. Not providing TWC the billing rejection reports on a timely basis may create workload issues for TWC and Workforce Board staff and may attribute to a longer contract closeout process.
TWC had certain information technology controls in place to protect the information in TWIST. In addition, TWC had controls in place to help ensure that confidential communications are sent securely. Specifically, TWC had:
- Documented information technology security policies readily available to employees that provide for the overall direction and implementation of information technology security.
- Appropriate application controls in place over key fields in TWIST.
In addition, there were controls in place to ensure that electronic communications among DFPS, TWC, and the Workforce Boards containing confidential information were sent securely.
However, TWC did not verify that Workforce Boards and their contractors were conducting user access reviews as required. Auditors identified instances in which user access to TWIST, as well as systems used locally at the two Workforce Boards that contained confidential child care information, was not appropriately restricted. Not ensuring that user access is regularly reviewed and appropriate increases the risk of exposure of personally identifiable information for children in protective services and their caregivers. TWC and the Workforce Boards' management asserted that those individuals’ access was subsequently updated after auditors brought the issue to their attention.
Graphics, Media, Supporting documents