1 / 79

FFY2010

FFY2010. EAP Annual Training. Section 2.0 Risk Management. Includes Risk Assessment , Risk Mitigation (Dup Check) , Data Practices, Debtor Exemption Claim Notice and Security. August 12 & 13, 2009 St. Cloud Minnesota Holiday Inn. Risk Management. 2. Risk Management.

Download Presentation

FFY2010

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. FFY2010 EAP Annual Training Section 2.0 Risk Management Includes Risk Assessment, Risk Mitigation (Dup Check), Data Practices, Debtor Exemption Claim Notice and Security August 12 & 13, 2009 St. Cloud Minnesota Holiday Inn

  2. Risk Management 2. Risk Management • Involves Identifying priority activities within the organization for risk assessment by considering area that materially impact the financial position and results of operations (e.g., assets, liabilities, revenues, expenses or expenditures account balances that are material in dollar amount)

  3. Risk Management Risk Management Introduction • Major part of ICF • Local, regional and natural disaster and technical failure planning are only a part of risk management • Focus is on managing the risk of improper use of public funds • This year the concept was introduced into the Local Plans • Looking for a single, not a homerun this year • Build on this each year

  4. Risk Management What is Risk Management? • Lessening adverse impact if a risk event occursis the heart of good risk management • Assuring events do not result in disaster • It is geared towards potential events that may occur when things are different from planned, sometimes called omissions and errors Above & Beyond Program Design: • Core EAP design addresses risk with controls policies, technical support (eHEAT), segregation of duties & monitoring services and financial activities. EAP has controls to reduce the possibility of the actions of an individual creating incident, error or fraud. • Service Providers create detailed plans for their activities to assure, among other things, segregation of duty & back up plans if loss of staff.

  5. Risk Management Risk Management Risk management involves: • Determining • Assessing • Planning • Monitoring • Mitigating

  6. Risk Management EAP Role In Risk Management • General Expectations • Acknowledge your responsibility to design, implement & maintain the control structure • Contribute direction to identify, prioritize and review risks and controls • Remove obstacles for compliance; remedy control deficiencies • Conduct self-assessment & testing to monitor the controls within your processes • Routinely (Quarterly): • confirm key controls are implemented and effective • maintain documentation to support this assessment • Immediate Action Items • Educate your personnel about this effort • Reinforce internal focus on controls within your area • Surface any risks, concerns or issues promptly to allow adequate attention for correction • Fix control gaps as soon as possible

  7. Risk Management Risk Considerations • Evaluate the nature & types of errors & omissions that could occur, i.e., “what can go wrong” • Consider significant risks (errors and omissions) common in the industry or have been experienced in prior years (ex.: Mich, Penn) • Information Technology risks (i.e. - access, backups, security, data integrity, non-segregation of duties) • Areas where segregation of duties would reduce risk • Volume, size, complexity and homogeneity of the individual transactions processed through a given account or group of accounts (revenue, receivables) • Susceptibility to error or omission as well as manipulation or loss • Robustness versus subjectiveness of the processes for determining significant estimates • Extent of change in the business and its expected effect • Other risks extending beyond potential material errors or omissions in the financial statements

  8. Very busy, train is flying and school buses cross, crossing gates Risk Management Risk Considerations • Consider a railroad crossing and developing appropriate controls • A rural road with little traffic & slow train, a sign • A busier road & train is faster, add lights & crossing sign at tracks

  9. Risk Management Risk Management Mechanics • The risk assessment tool reduces risk when used to identify, assess, plan for & maintain routine monitoring of risk areas

  10. Risk Management Risk Management Mechanics

  11. Item Example

  12. Item Example

  13. Item Example

  14. Item Example

  15. Item Example

  16. Item Example

  17. Risk Management Risk Management Example

  18. Risk Management Risk Management and EAP • The Local Plan requires risk assessment. • The State has started to conduct formal risk assessment • State & Service Providers identify risk and use program specific knowledge to do diligent planning, monitoring and actions for these risks. • The State will continue to develop risk management requirements and practices. Examples include: • Duplication Checks and other queries • The FFY2010 Local Plan is a first step of formalizing the SP process • SP should design practices to improve it • DOC will support the development of competency in this area • DOC will conduct risk management activities

  19. Risk Management Dup Check • Dup Check is not a Russian hockey player • Dup Check is not a quality control effort • Dup check is a risk mitigation activity • EAP must do due diligence on risk areas to assure responsible management of public funds

  20. Risk Management Why Dup Check on Vendor Accounts? • Payments to vendors accounts is the main way money money flows • Using it as a key, there cross checks with other data:

  21. Risk Management Dup Check Procedure for FFY2010 Overview • DOC will periodically produce a matching account numbers list (Early & often to keep effort sizable). • SP will receive a secure email with their list. • SP investigates by performing the following processes: • Analyze & validate reason match is correct • Escalate as needed (Detail in the following slides) • Take appropriate corrective action • Document results and report

  22. Risk Management Dup Check Procedure for FFY2010 • Step 1: Validate the Reason for Match Is Correct • If you know a valid reason for duplication enter the reason for the duplicate vendor account number on the spreadsheet • Look at paper application and file. Determine probable reason and escalate appropriately. • Ask household(s) to explain if appropriate occurrences and record finding in list Examples: One household moved out and now rents the house to a relative who applied for EAP. Building has multiple units with one landlord account.

  23. Risk Management Dup Check Procedure for FFY2010 • Step 2: Duplicate Application Error • Take corrective action including recalling funds • Close duplicate applications • Record an explanation of your determination on the spreadsheet

  24. Risk Management Dup Check Procedure for FFY2010 • Step 3. Duplicate Application – Fraud Suspected • Review previous years and review all the information provided • Take corrective action including recalling funds • Submit an incident report • Close duplicate applications • Record an explanation on the spreadsheet Investigate fraud, report to officials and follow EAP Policy Manual Chapter 17

  25. Risk Management Dup Check Procedure for FFY2010 Step 4: Return list with validation or actions to DOC • The completed list (Excel spreadsheet) with explanations is due at eap.mail@state.mn.us • A deadline will be prescribed. DOC tracks compliance. • Delete the household’s private data (name, SSN, address, vendor account name) before returning the spreadsheet. Contact your EAP field representative if you have any questions.

  26. Risk Management Dup Check Procedure for FFY2010 Best & Other Practice • Applications with the same vendor for Heat & Electric should list the vendor once, choose heat and electric as vendor type. Less likely to get false positives for risk and best for application processing. • Need to report issues and non issues. As a program we need to assure we have done due diligence to protect the integrity of the program • Late report will result if you don’t respond to request

  27. Risk Management Data Practices in the EAP Manual Chapter 19. DATA PRACTICES AND RECORDS p. 120

  28. Risk Management Chapter 19. DATA PRACTICES AND RECORDS • Data Practices Policies and Procedures, Private Data • Who has access • Who does not • Must be released to the individual or to a 3rd party with consent • Social Security Number for EAP Applications • Optional

  29. Risk Management Chapter 19. DATA PRACTICES AND RECORDS • Application Documentation, p. 122 • Where and how to save application documentation • Security Of Records, p. 123 • List of requirements to secure records • Records Accessibility, p.124 • What it means to have access to records • Reasons for maintaining access to records • Record Retention Requirements, p.124 • Records to retain

  30. Risk Management Informed Consent For Release Of Information • Informed consent is needed when the information will be given or sent to a third party. • Example: Garnishment information requests often go to an attorney • “Informed consent” are key words that need to be taken at face value • The statute is very specific about what must be included in an informed request

  31. Risk Management Data Practices Focus • Develop a good working relationship with the data practices contact in your agency, if there is one • Plan – Have a written policy • Who will have authority to see private data • Who will have authority to release private data • How your agency will maintain data security in all situations • How you will request private data and document the request • How you will maintain documentation of requests for private data • How you will train staff on data privacy requirements • Use centralized authority in the agency, if any • Centralize authority in EAP, if possible

  32. Risk Management Plan - Local Procedures Needed • To request information allowed by the application consent so the request is done in a consistent manner and so each request is documented • Best practice is for the local procedures to use a form for requesting information by letter or e-mail and a format for documenting a request by telephone

  33. Risk Management Minnesota Department of Administration Information Policy Analysis Division – IPAD • The State authority on Data Practices • If you have questions about information policy laws, including Minnesota’s Data Practices Act and the Open Meeting Law, you’re at the right place. Look over the resources on this website or give us a call. (Copied from IPAD website)http://www.ipad.state.mn.us

  34. Risk Management New Technology – New Data Practices • Laptop Security • Imaging Equipment • Data access • Data storage • Data retrieval and back-up • Best Practice – Before destroying paper documents • Make sure it all works • Every imaged document is accessible and as readable • No problems exist regarding record retention

  35. Risk Management Electronic Records Management Guidelines • Recommended by IPAD • Minnesota Historical Society http://www.mnhs.org/index.htm - home page http://www.mnhs.org/preserve/records/electronicrecords/erintro.html Imaging/scanning and storage of household files • Which Minnesota laws apply to electronic records? • How do we use electronic records to help ensure public accountability while ensuring that not-public records are protected? • Who is responsible for developing our electronic records management strategy? • How do we dispose of electronic records? • Should we manage our electronic records differently from our paper records? • How do we know what information is an electronic record? • Is an electronic copy of a record an acceptable substitute for the original? • Does an electronic record have the same legal significance as a paper record?

  36. Risk Management eHEAT Security and Agreements • Levels of authority • State Data Base Administrator • Local (or vendor) eHEAT Administrators • Administrative Change Process, Chapter 3, p. 16 • Local (or vendor) users • Agreements—Annual • See EAP Tools on website www.energy.mn.gov

  37. Risk Management Summary of Data Practices • Staff should know: • What private data is and how it relates to EAP • What data they can reveal and what they need to do to assure they aren’t violating data privacy • How to document information they have revealed • Staff with authority to release private data should know: • All of the above • The SP-approved processes for following up on data requests • Agency management should: • Support the data practices activities with knowledge and practical resources

  38. Debtors Exemption Claims

  39. Debtors Exemption Claims (Issue) • Collection Firms are asking for information beyond what the manual states that we have to tell them • They are saying that unless we tell them when payments were made, they will not honor the garnishment exemption (sometimes people lie) • We need a universal form that gives only the information that they need

  40. Debtor’s Exemptions Claims (Solution) • You don’t need to be experts in the law but you do need to know and understand it • There were changes made to the law for 2009 • Garnishment firms need to be told EAP rules and timelines by you; • You are the EAP expert!

  41. Debtors Exemption Claims • Many of you may have already seen these requests • A household is being pursued to pay a debt by a third party collection agent that may or may not be an attorney • The collection agents use tools like garnishment of wages and levies aka “Freezing” of the bank accounts • The law provides certain protections of some or all of their money in certain situations, for certain people • The form used to claim these protections is called an “Exemption Notice”

  42. Debtors Exemption Claims Some or all of their money is protected if: • The source of the money is Government benefits such as Social Security benefits; Unemployment benefits; Workers' compensation; or Veterans benefits • They currently receive other assistance based on need • They have received government benefits in the last six months • They were in jail or prison in the last six months Some or all of their earnings (wages) are protected if: • They get government benefits (see list of government benefits) • They currently receive other assistance based on need • They have received government benefits in the last six months • They were in jail or prison in the last six months

  43. Debtor’s Exemptions Claims Law • The legislation, which will become effective on Aug. 1, 2009, updates the exemption process and makes technical changes to the current law • The legislation modifies legal requirements regarding levies and garnishments and expedites the process for both the creditor and debtor and makes the following revisions to the current garnishment law: • Modifies the process; • Updates forms; • Creates a new notice of intent to garnish; • Alters the exemption form and creditor’s exemption form; and • Adjusts timing requirements. • It does not change the intent of existing law or impact current or future case law (quote from the new law)

  44. Debtors Exemption Claim Laws • Website: MN office of the Revisor of Statues • Index of the laws relating to Fuel Assistance in MN • https://www.revisor.leg.state.mn.us/statutes/?topic=202092 • Address of the website with the new law • https://www.revisor.leg.state.mn.us/laws/?id=31&doctype=chapter&year=2009&type=0

  45. Debtor’s Exemption Claim Form • Section 1. Minnesota Statutes 2008, section 550.143, is amended to read: 550.143 LEVY ON FUNDS AT A FINANCIAL INSTITUTION. • Form of notice. The notice required by subdivision 3 must be provided as a separate form and must be substantially in the following form: • EXEMPTION FORM • HOW MUCH MONEY IS PROTECTED..... • I claim ALL of the money being frozen by the bank is protected...... • I claim SOME of the money is protected. The amount I claim is protected is $.......

  46. Debtor’s Exemption Claim Form WHY THE MONEY IS PROTECTED • My money is protected because I get it from one or more of the following places: (Check all that apply)..... • Government benefits include, but are not limited to, the following: • MFIP - Minnesota family investment program, MFIP Diversionary Work Program, Work participation cash benefit,GA - general assistance, EA - emergency assistance, MA - medical assistance, GAMC - general assistance medical care, EGA - emergency general assistance, MSA - Minnesota supplemental aid, MSA-EA - MSA emergency assistance, Food Support, SSI - Supplemental Security Income, Minnesota Care, Medicare part B premium payments, Medicare part D extra help, • Energy or fuel assistance.

  47. Debtor’s Exemption Claim Form • Government benefits also include:..... Social Security benefits..... Unemployment benefits..... Workers' compensation..... Veterans benefits • If you receive any of these government benefits, include copies of any documents you have that show you receive Social Security, unemployment, workers' compensation, or veterans benefits...... • Other assistance based on need You may have assistance based on need from another source that is not on the list. If you do, check this box, and fill in the source of your money on the line below: • Case Number:..... County: ... Source: ..... • Include copies of any documents you have that show the source of this money. • Some of your earnings (wages) are protected

  48. Debtor’s Exemption Claim Form • OTHER EXEMPT FUNDS • The money from the following are also completely protected...... • An accident, disability, or retirement pension or annuity..... • Payments to you from a life insurance policy..... • Earnings of your child who is under 18 years of age..... • Child support… • Money paid to you from a claim for damage or destruction of property… • Property includes household goods, farm tools or machinery, tools for your job, business equipment, a mobile home, a car, a musical instrument, a pew or burial lot, clothes, furniture, or appliances...... • Death benefits paid to you

  49. Debtor’s Exemption Claim Form • I give permission to any agency that has given me cash benefits to give information about my benefits to the above-named creditor, or its attorney. • The information will ONLY concern whether I get benefits or not, or whether I have gotten them in the past six months • If I was an inmate in the last six months, I give my permission to the correctional institution to tell the above-named creditor that I was an inmate there. • There are additional instructions and timelines in the new law that I did not include here, but would encourage you all to take a look at so you’re familiar

  50. Debtor’s Exemption Claims and EAP • A person's wages are exempt if they currently receive need based aid, or have been a recipient within the last 6 months • Households are now required to provide bank statements with the exemption notices • The creditor is looking for some proof that the debtor currently receives EAP or was a recipient in the last 6 months • Will need additional help from us unless they received a direct payment • A benefit statement from us will suffice • So, here’s what you need to do • The new export will contain information on payments and dates • Redact what is unnecessary (payment amounts) • If they demand more you can refer them to the state

More Related