U.S. DEPARTMENT OF LABOR
Employment and Training Administration
Washington, D.C. 20210

CLASSIFICATION: UI
CORRESPONDENCE SYMBOL: TEUMC
ISSUE DATE: August 4, 1987
RESCISSIONS: UIPL 11-83
EXPIRATION DATE: July 31, 1988

DIRECTIVE: UNEMPLOYMENT INSURANCE PROGRAM LETTER NO. 34-87
TO: ALL STATE EMPLOYMENT SECURITY AGENCIES
FROM: DONALD J. KULICK
SUBJECT: Unemployment Insurance (UI) Internal Security Risk Analysis (Vulnerability Assessment)
Purpose. To rescind UIPL No. 11-83 and transmit revised policy and guidance on internal controls in the UI program.
Reference. ET Handbook No. 376; GAL No. 43-81; UIPL No. 11-83.
Background. Since Fiscal Year (FY) 1982, ETA has allocated resources for the Internal Security program in each State Employment Security Agency (SESA). SESAs need to continue to strengthen the UI internal security program by establishing sound internal security systems and internal controls and should, through UI risk analyses, continue to review the susceptibility of the UI program to loss by fraud, waste, abuse or unauthorized use of UI resources.
Policy. All SESAs shall assure a risk analysis is conducted covering all UI program operations when major system changes occur, but not less than once every three years. Such risk analyses should be used to determine the effectiveness of SESA UI program internal controls. The analysis may be completed as a separate review or as a part of an overall audit of agency operations, as established in OMB Circular No. A-128.
UI risk analyses should be conducted when changes occur, such as significant changes to UI law, program, or personnel; implementation of new programs; or changes in computer and physical security; or when recent errors or irregularities are detected. The risk analysis should take into account procedural and/or systems changes during the interval since the last risk analysis.
Within each 3-year period, the risk analysis should encompass the assessment of the vulnerabilities in the following SESA/UI functions as appropriate:
UI Division
UI Benefits
Benefit Determinations
Benefit Payments
UI Technical Services
Interstate Claims
Special Programs
Benefit Records
Appeals (Lower Authority)
Returned Benefit Checks
Claimant Addresses
Benefit Accounting
UI Tax/Contributions
Employer Status
Employer Records
Tax Collections
Cashier
Experience Rating
Tax Audit
Delinquent Tax Accounts
Tax Refunds
Tax Accounting
Field Operations (Local Offices)
Staff Functions
Procedure Development
Benefit Payment Control
Research and Statistics
Quality Control
Microcomputer Control and Authorization
Data Processing Installation
Application Programming
Technical Support
Computer Operations
Production Control
Administrative/Management Services
Personnel Department
Supply Room/Warehouse
Mail Room
Forms Design and Printing
Contracting and Procurement
Facilities Management
Staff Functions Reporting to the SESA Director
Legal Staff
Appeals Board (Higher Authority)
Internal Security/Investigations (SESA)
Financial Management
Program Budget Plan
Fund Accounting
Responsibility. Each SESA shall assure a risk analysis of its UI program is conducted this FY, if one has not been done in the last three years. Thereafter, a risk analysis of the SESA UI program shall be done at least once every three years. The risk analysis must be conducted within existing resources.
Action Required. All SESA Administrators shall:
Develop an action plan, including scope of the review, schedule, methodology and resources to be used in conducting and completing a risk analysis of the SESA's UI operations.
Submit a copy of their planned risk analysis schedule for each upcoming FY to the appropriate Regional Office by September 1st for that year.
Inquiries. Refer all questions to the appropriate Regional Office.