LANSING, Mich. (WOOD) — A new audit highlighted another mistake for Michigan’s Unemployment Insurance Agency.
The audit, released this month by the state’s Office of the Auditor General, found that the agency which was riddled with fraudulent claims during the start of the COVID-19 pandemic also fell short of adequately protecting residents’ tax information.
The primary objective listed in the audit was to discern whether the UIA or the Department of Technology, Management and Budget adequately implemented security and access controls over its two systems, MiDAS and MiWAM.
MiDAS — the Michigan Integrated Data Automated System — is used by the UIA to collect unemployment taxes from employers and pay out unemployment benefits to people who qualify. MiWAM — the Michigan Web Account Manager — is the system that allows people collecting unemployment benefits to manage their claims.
According to the audit, the UIA is responsible for ensuring the security of both systems, while the DTMB and its outsourced vendor are responsible for maintaining the infrastructure. The audit concluded that the DTMB was effective, but the UIA fell short on security measures.
The audit found through sampling that the UIA did not perform a background check on an estimated 80% of its employees and 60% of them did not complete safeguard training from the Internal Revenue Service. It also found an estimated 69% of former UIA employees still had access to MiDAS and 67% still had access to remotely log into state networks.
“The Michigan Unemployment Insurance Agency has made significant operational changes over the past six months to enhance responsiveness and problem-solving. After more than a decade of disinvestment in UIA, there is still more work to do,” UIA Director Julia Dale said in a statement.
Dale, who has worked for the state and held leadership roles for more than 20 years, was leading the DTMB when Gov. Whitmer appointed her to take over the UIA last October. She took over when acting director Liza Estlund Olsen stepped down. Estlund Olsen took over for Steve Gray, who resigned in November 2020 as complaints piled up against the UIA for struggling to register and disperse unemployment funds.
Dale said a new criminal history check and fingerprinting policy was issued last month and that all state users who have access to federal tax information must go through IRS safeguard training. An internal controls analyst will also be required to monitor logs and records on a weekly basis and access to MiDAS will now only be granted on a case-by-case basis, depending on an employee’s job description.
“With these changes, UIA has in place robust policies and practices that we are confident will begin to restore the public’s confidence in our agency,” Dale stated.
The UIA has been a key target for criticism in the state’s handling of the pandemic. More than $4.3 billion were wrongly paid out to people who should not have qualified for unemployment benefits.
UIA officials blame miscommunication between the U.S. Department of Labor on the mix-up, saying they used the wrong criteria to determine eligibility. Earlier this month, the state announced people who mistakenly received that money will no longer be forced to pay it back.
Multiple employees at the UIA, including a former claims manager and a woman hired to help handle the onslaught of new cases, have been charged with fraud for their roles in skimming from the agency. The claims manager has pleaded guilty to approving knowingly fraudulent claims in exchange for kickbacks. He is set to be sentenced in July.