BILL NUMBER: AB 1538AMENDED BILL TEXT AMENDED IN ASSEMBLY MARCH 13, 2012 INTRODUCED BY Assembly Member Cook ( Coauthors: Assembly Members Nestande, Portantino, and Silva ) ( Coauthors: Senators Dutton and Harman ) JANUARY 24, 2012 An act to addSections 12430 andSection 12433 to,the Government Code, relating to audits. LEGISLATIVE COUNSEL'S DIGEST AB 1538, as amended, Cook. Recovery audits. Existing law prescribes the duties of the Controller, including auditing all claims against the state and the disbursement of state money, for correctness, legality, and for sufficient provisions of law for payment.This bill would require the Controller, State Auditor, and the Director of Finance to prepare plans each year to meet their audit responsibilities and to meet to review their plans.This bill wouldalsorequire the Controller to contract with consultants to provide semiannual recovery audits of state agencies with expenditures exceeding $50,000,000 in a fiscal year, unless excepted by regulation. The bill would authorize reasonable payment to consultants from recovered overpayments, upon appropriation, including as a percentage of recovery.ItThe bill would require contracts made under its provisions to apply the same confidentiality provisions to consultants as are applicable to the Controller, the state agency that is subject to the audit , or employees of the Controller or the state agency.ItThe bill would further require the Controller to provide copies of the consultants' audit reports to the Department of Finance and the State Auditor, and would, until January 1, 2017, require annual reports by the Controller to the Legislature summarizing these audits. Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no. THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:SECTION 1.Section 12430 is added to the Government Code, to read: 12430. Annually, the Controller, the State Auditor, and the Director of Finance shall each prepare a plan to meet their audit responsibilities. With respect to audits to fulfill the requirements necessary for the receipt of federal funds, the State Auditor shall be primarily responsible for financial audits, and the Director of Finance or the Controller shall be primarily responsible for compliance audits, and the Director of Finance shall be primarily responsible for coordinating state agency internal audits and determining when agencies are required to obtain federally mandated audits. Upon completion of these audit plans, the Controller, State Auditor, and Director of Finance shall meet to review and discuss the plans with the purpose of coordinating their audit efforts to avoid unnecessary duplication and negotiation with federal agencies regarding federally mandated audits. Subsequent to their review of the audit plans and negotiations with federal agencies if the Controller, the Director of Finance, or the State Auditor determines that the proposed audit plan of the other does not fulfill all audit requirements necessary for the receipt of federal funds, they may expand the scope of their audit of state agencies to meet the additional federal audit requirements. The financial audit report issued by the State Auditor and the compliance audit report issued by the Controller, the Director of Finance, or both, are intended to fulfill federally mandated audit requirements. These audit reports shall be performed in accordance with the "Standards for Audits of Governmental Organizations, Programs, Activities and Functions," published by the Comptroller General of the United States, and the standards published by the American Institute of Certified Public Accountants. Nothing in this section shall be construed to limit, restrict, or otherwise infringe upon the duty of the State Auditor to conduct annual financial audits or to limit, restrict, or otherwise infringe upon the authority of the Joint Legislative Audit Committee to direct the State Auditor to conduct any audit of state government pursuant to Chapter 6.5 (commencing with Section 8543) of Division 1 of Title 2. Nothing in this section shall be construed to limit, restrict, or otherwise infringe upon the audits required by Section 12433, which are separate from and in addition to any federally mandated audits except those federally mandated audits that are conducted by contract consultants and as provided by Section 12433.SEC. 2.SECTION 1. Section 12433 is added to the Government Code, to read: 12433. (a) Notwithstanding subdivision (a) of Section 8546.4, or any other law, the Controller shall contract with one or more consultants to conduct semiannual recovery audits of payments made by state agencies to vendors. The audits shall be designed to detect and recover overpayments to the vendors and to recommend improved state agency accounting operations. (b) A contract under this section may provide reasonable compensation for services provided under the contract, including compensation determined by the application of a specified percentage of the total amount recovered because of the consultant's audit activities or recommendations as a fee for services. A contract may permit or require the consultant to pursue a judicial action in court inside or outside this state to recover an overpaid amount. To allow time for the performance of any existing state payment auditing procedures, a contract under this section may not allow a recovery audit of a payment during the 180-day period after the date the payment was made. (c) The Controller or a state agencywhose payments arethat is being audited pursuant to this section may provide a consultant under this section with any confidential information in the custody of the Controller or state agency that is necessary for the performance of the audit or the recovery of an overpayment, to the extent that the Controller or state agency is not prohibited from sharing the information under an agreement with another state or the federal government. A person acting under a contract authorized by this section, and each employee or agent of that person, is subject to all prohibitions against the disclosure of confidential information obtained from the state in connection with the contract that apply to the Controller or applicable state agency or an employee of the Controller or applicable state agency. A person acting under a contract authorized by this section or an employee or agent of that person who discloses confidential information in violation of this subdivision is subject to the same sanctions and penalties that would apply to the Controller or applicable state agency or an employee of the Controller or applicable state agency for that disclosure. (d) The Controller shall require that these semiannual recovery audits be performed on the payments to vendors made by each state agency that has total expenditures during a fiscal year in an amount that exceeds fifty million dollars ($50,000,000). Each state agency described by this subdivision shall provide the recovery audit consultant with all information necessary for the audit. The Controller may exempt from the mandatory recovery audit process a state agency that has a low proportion of its expenditures made to vendors, according to the criteria that the Controller adopts by regulation after consideration of the likely costs and benefits of performing recovery audits for agencies that make relatively few or small payments to vendors. (e) A state agency shall pay, from recovered moneys appropriated for the purpose, the recovery audit consultant responsible for obtaining for the agency a reimbursement from a vendor. A state agency shall expend or return to the federal government any federal money that is recovered through a recovery audit conducted under this section. The state agency shall expend or return the federal money in accordance with the rules of the federal program through which the agency received the federal money. (f) The Controller shall provide copies, including electronic form copies, of any report received from a consultant contracting under this section to the Director of Finance and the State Auditor not later than the seventh day after the date the Controller receives the consultant's report. Not later than January 1 of each year, the Controller shall issue a report to the Legislature summarizing the contents of all reports received under this section during the immediately preceding fiscal year. (g) For purposes of this section, "overpayment" includes a duplicated payment made to a vendor for a single invoice, the amount of a discount available from a vendor that was not applied, and the amount of any of the following: (1) A late payment penalty that was improperly applied by the vendor. (2) Excess shipping costs that were incorrectly computed or incorrectly included in an invoice. (3) Payment for a good or service that the vendor did not provide. (4) State sales tax. (h) (1) The requirement for submitting a report to the Legislature pursuant to subdivision (f) is inoperative on January 1, 2017, pursuant to Section 10231.5. (2) A report to be submitted under subdivision (f) shall be submitted in compliance with Section 9795.