42
and to the extent practicable, observations of DUI’s operations. Generally,
transactions were selected for testing based on auditor judgment, which primarily
considers risk, the timing or dollar amount of the transaction, or the significance
of the transaction to the area of operation reviewed. As a matter of course, we do
not normally use sampling in our tests, so unless otherwise specifically indicated,
neither statistical nor non-statistical audit sampling was used to select the
transactions tested. Therefore, unless sampling is specifically indicated in a
finding, the results from any tests conducted or disclosed by us cannot be used to
project those results to the entire population from which the test items were
selected.
We also performed various data extracts of pertinent information from the State’s
Financial Management Information System (such as revenue and expenditure
data). The extracts are performed as part of ongoing internal processes
established by the Office of Legislative Audits and were subject to various tests to
determine data reliability. We determined that the data extracted from this source
were sufficiently reliable for the purposes the data were used during this audit.
We also extracted data from the Maryland Automated Benefits System, the
Maryland Unemployment Insurance Tax System, and BEACON, as well as from
certain other State records, such as those maintained by the Maryland Department
of Health, for the purpose of testing unemployment tax payments and
reimbursements related to benefit claims and payments. We performed various
tests of the relevant data and determined the data were sufficiently reliable for the
purposes the data were used during the audit. Finally, we performed other
auditing procedures that we considered necessary to achieve our audit objectives.
The reliability of data used in this report for background or informational
purposes was not assessed.
DUI’s management is responsible for establishing and maintaining effective
internal control. Internal control is a process designed to provide reasonable
assurance that objectives pertaining to the reliability of financial records;
effectiveness and efficiency of operations, including safeguarding of assets; and
compliance with applicable laws, rules, and regulations are achieved. As
provided for in Government Auditing Standards, there are five components of
internal control: control environment, risk assessment, control activities,
information and communication, and monitoring. Each of the five components,
when significant to the audit objectives, and as applicable to DUI, were
considered by us during the course of this audit.
Because of inherent limitations in internal control, errors or fraud may
nevertheless occur and not be detected. Also, projections of any evaluation of