LBA Performance Audit Report Summary:

Insurance Procurement Practices Performance Audit Report – September 2006

[Read the full report in Adobe .PDF format - 3.5 MB]

The purpose of the audit was to examine the State’s insurance and related service procurement practices, statewide controls over insurance and related service procurement, the State’s utilization of insurance producers, and planning for self-insured active and retired State employee health benefits. The audit period included State fiscal years 1998 through 2005.

Findings

The Department of Administrative Services (DAS) was primarily responsible for risk management, employee benefits, and procurement of insurance and related services. Risk management and related procurement activities were handled by the Bureau of Risk Management (BRM) while the Division of Personnel administered employee benefits and related procurement activities. Our audit presents 39 Observations with recommendations, seven of which recommend Legislative action. The first Observation addresses overall management control within the DAS, 20 Observations detail specific issues with various aspects of DAS management control, and 18 Observations address the procurement processes we found in use during the audit period.

Improve Management Controls

The DAS lacked adequate management controls to ensure efficient and effective operations of the programs and functions we reviewed. We found reactive management and the DAS reorganized itself into a structure neither complying with State law nor the Department’s own administrative rules. The DAS placed management responsibility for the employee health benefits program with the BRM and the State lacked a comprehensive, formal plan to effectively administer the program.

The State lacks a comprehensive approach to managing risk. The BRM operates the State’s risk management program without statewide identification of loss exposures and purchases commercial insurance without identifying cost effective means for protecting against various types of losses as required by statute. The BRM procures liability insurance without a complete evaluation of the State’s adoption of the doctrine of sovereign immunity.

DAS management has not promulgated adequate risk management-related administrative rules and the BRM does not have comprehensive written policies and procedures governing major Bureau functions including insurance procurement, contract review, and external technical assistance. The BRM functions as a satellite human resources, purchasing, training, and business office; all leading to inefficiencies. Control over many insurance procurements was vested in one individual within the BRM contrary to good management control.

The State’s self-insured employee health benefit program is largely unregulated. There are no administrative rules or policies and procedures for managing State employee health benefits and the State implemented its current self-insured employee health benefits program without finalized summary plan documents to guide contracted plan administrator actions and fully inform active State employees, retirees, and qualified dependants of their benefits. The DAS places full responsibility for health benefit claims appeals with the contracted third party administrator.

We found no DAS information management system, rules, or policies and procedures. Communication between the BRM and other State agencies was inadequate to ensure management control of the State’s risk management program and insurance and related services procurement. The DAS internal auditor engaged in operational functions by participating in multiple procurement processes contrary to statute and best practice. The DAS did not conduct any internal review or audit of its management controls, risk management, procurement functions, or other areas related to the topics we reviewed during this audit.

Improve Procurement Practices

The State’s procurement system remains decentralized and does not support efficient and effective insurance and related service procurement. The BRM inconsistently followed public procurement best practice and requirements of State law, administrative rule, and policy in procuring insurance and related services. The BRM routinely sole-sourced contracts under $5,000 and sole-sourced ‘specialty line’ insurance contracts over $5,000. The BRM lacked data quantifying State risk, policies and procedures to obtain such data, and loss control programs to mitigate related risks. Despite these and other shortcomings, the BRM procured numerous insurance policies covering State-owned real property without cost-benefit or similar analysis. Additionally, adequate competition was not always available to the State in several instances and we found no evidence of a contract or other formalization of the State’s relationship with the State’s defensive driver course vendor or the use of competitive procurement to obtain these services. Several significant insurance procurements lacked Governor and Executive Council (G&C) approval and the Bureau contracted with non-resident unlicensed producers for some insurance contrary to statute.

Producers assisting the State with employee health benefits were assigned the business of acting on the State’s behalf without any formal procurement process or contract protecting State interests. The BRM entered into a two-year contract with an unlicensed insurance consultant for actuarial, claims audit, and employee health benefit consulting services. The BRM does not include adequate specifications for insurance producer services in its RFP or as criteria for awarding insurance contracts.

The Division of Personnel administered fully-insured health benefits for active and retired State employees until 2003 when BRM assumed this responsibility. Employee benefit and ancillary service procurements for active and retired State employees require additional oversight. Our file review found noncompliance with procurement principles and standards in each of the five public procurement steps: 1) planning, 2) soliciting, 3) vendor selection, 4) contract execution, and 5) contract monitoring. Retiree health insurance procurement lacked a formal procurement process, relied on inadequate agreements or lacked written agreements altogether, and was sole-sourced by the DAS without the required full and complete justification or G&C approval from SFY 1998 through 2003. Active employee health insurance procurement lacked comprehensive planning as best practice requires, and did not always benefit from public notice for RFPs. Further, the DAS inappropriately sole-sourced employee life insurance services.