SENATE MEMBERS HOUSE MEMBERS

Robert Stivers David W. Osborne

President, LRC Co-Chair Speaker, LRC Co-Chair
David Givens David Meade
President Pro Tempore Speaker Pro Tempore
Damon Thayer Steven Rudy
Majority Floor Leader Majority Floor Leader
Morgan McGarvey Joni L. Jenkins
Minority Floor Leader
LEGISLATIVE RESEARCH COMMISSION Minority Floor Leader
State Capitol 700 Capital Avenue Frankfort KY 40601 Suzanne Miles
Julie Raque Adams
Majority Caucus Chair 502-564-8100 Majority Caucus Chair
Reginald Thomas Derrick Graham
Minority Caucus Chair Capitol Fax 502-564-2922 Minority Caucus Chair
Annex Fax 502-564-6543 Chad McCoy
Mike Wilson
Majority Whip legislature.ky.gov Majority Whip
Dennis Parrett Jay D. Hartz Angie Hatton
Minority Whip Director Minority Whip

MEMORANDUM

TO: Robert Stivers, President of the Senate

David W. Osborne, Speaker of the House
Members of the Legislative Research Commission

FROM: Senator Mike Nemes, Co-Chair, Unemployment Insurance Reform Task Force
Representative Russell Webber, Co-Chair, Unemployment Insurance Reform
Task Force

SUBJECT: Report of the Unemployment Insurance Reform Task Force

DATE: December 1, 2021

OVERVIEW

In May, 2021, the Legislative Research Commission created and authorized the Unemployment Insurance Reform
Task Force. The duties of the task force include, without limitation, the following issues:

1. Review the current unemployment insurance system;

2. Evaluate and discuss possible long term changes to the unemployment insurance system that address the
system’s fiscal well-being and stability;
3. Solicit recommendations from stakeholders and interested parties; and
4. Develop a list of recommendations for the General Assembly to consider related to reform of the
unemployment insurance system.

The task force met monthly during the 2021 Interim of the General Assembly. The task force shall submit findings
and recommendations to the Legislative Research Commission for referral to the appropriate committee or
committees by December 1, 2021.

Membership of the task force was established and the initial meeting was held on June 22, 2021. The membership
is as follows:
Legislative Members:

Sen. Mike Nemes - Co-Chair

Rep. Russell Webber - Co-Chair
Sen. Ralph Alvarado
Sen. Brandon Storm
Sen. Mike Wilson
Sen. David Yates
Rep. Josh Branscum
Rep. McKenzie Cantrell
Rep. Phillip Pratt
Rep. Scott Sharp

Meetings were held on June 22, 2021, July 27, 2021, August 30, 2021, September 28, 2021, October 28, 2021, and
November 30, 2021.

During the June 22, 2021 meeting, members were informed of unemployment insurance issues relating to small
businesses, private providers, and fraud.

During the July 27, 2021 meeting, the Labor Cabinet updated the members on the unemployment insurance system
and processes.

During the August 30, 2021 meeting, the Auditor of Public Accounts presented the results of an audit of the
unemployment insurance system. The members also heard from a constituent regarding issues receiving benefits
and in-person appointments. The members also received a presentation from a non-partisan group that studied
unemployment insurance systems nationwide.

During the September 28, 2021 meeting, the Labor Cabinet provided another update and proposed unemployment
insurance system changes.

During the October 28, 2021 meeting, the Labor Cabinet, the Kentucky Chamber of Commerce, and the
Foundation for Government Accountability provided reform recommendations.

During the November 30, 2021 meeting,

ISSUES DISCUSSED

Benefits

According to the Foundation for Government Accountability (FGA), three steps need to be taken to reform the UI
system: institute smart benefit design, prioritize reemployment, and protect the system from fraud. Unemployment
insurance is intended to be: assistance for laid off workers, intentionally temporary and limited, modeled after
insurance, and paid for by payroll taxes on employers. Unemployment insurance is not designed to be: a long term
full wage replacement, workforce development, a form of disability, or paid for by employees. FGA testified that
its three-step approach will realign Kentucky’s unemployment insurance system so it can operate as intended.

First, FGA recommended that Kentucky institute a smart benefit design. FGA compared Kentucky’s
unemployment insurance system to Florida, North Carolina, and Georgia to demonstrate the changes it believes are
necessary. Those states recreated their unemployment insurance systems to increase competitiveness after the 2008
recession. FGA discussed several successful policies these states adopted including indexing of benefits. An
indexing policy ties the maximum number of unemployment insurance benefit weeks to the state’s unemployment
rate. Florida passed legislation in 2012 implementing an indexing policy which cut the maximum number of
benefit weeks to 9.2, decreased program costs from $333 million to $80 million, reduced employer unemployment
insurance taxes to $1.50 per $1000, and increased the state’s trust fund solvency from -$1.7 billion to $3.9 billion.
According to FGA’s projections, Kentucky could increase its unemployment insurance trust fund by $567 million
over three years and decrease the average unemployment insurance tax by 17.3 percent over five years if indexing
legislation is adopted. Second, FGA recommended that Kentucky adopt policies that prioritize reemployment and
offered policy-models already enacted in other states. These include: more rigorous work search requirements,
mandatory job training, an improved system to allow employers to report work refusals, and a job referral program
linking the unemployed with employers with positions to fill. Third, and lastly, FGA recommended that Kentucky
improve its system security, which is necessary to protect the unemployment insurance trust fund. While Kentucky
has been a leader in this area, there are still steps the state should take, such as locking proven fraudsters out of the
system and heightened flagging of suspicious cases.

The Labor Cabinet recommended implementation of a short time compensation program that would allow for work
sharing between employees in order to avoid layoffs. Individuals would receive a prorated portion of
unemployment insurance benefits, in other words, it would ensure less money than full unemployment insurance
benefits are paid. Employers would be able to keep qualified employees on the payroll. This change would require
statutory amendments and additional staff would likely be required to implement the policy. The Cabinet also
recommended making changes to the temporary and limited statutory provisions which allow for a waiver of
overpayment of benefits through no fault of the employee. Kentucky is one of a handful of states that does not
provide this mechanism.

The Kentucky Chamber recommended several changes originally suggested during the 2019 Regular Session in
House Bill 317, including changes to benefit levels and duration of benefits.

Burdens on Employers

The Kentucky Chamber noted that it is working on suggestions for reforming the unemployment insurance tax
framework in Kentucky in efforts to lessen the burden on employers. The Chamber also noted that the
unemployment insurance trust fund must be replenished. It proposed that federal funds could be used for this
purpose in order to relieve the burden on employers.
Administration of the UI program

The Labor Cabinet restored unemployment insurance in-person services at 13 Kentucky Career Centers and
opened a call center to assist unemployment insurance claimants in April 2021. Between April 15, 2021 and
September 24, 2021, Kentucky Career Center staff attended more than 56,811 in-person appointments. The Office
of Unemployment Insurance (OUI) staff took more than 94,586 calls through the unemployment insurance
helpline.

Staffing for the OUI is regulated by the federal government and guidelines are outlined in unemployment
insurance program letters. Flexible staffing was approved for the OUI in April 2021, which allowed employees
from other state agencies and cabinets to assist with unemployment insurance claims, but the approval expired on
September 6, 2021 and was not extended by the federal government. On March 4, 2021, the Labor Cabinet issued a
written budget request to legislative leadership which included $1.1 million of general fund dollars for fiscal year
2021 and $8.4 million in fiscal year 2022 to provide funding to restore 90 OUI staff positions. The General
Assembly allocated one-time federal funds for these positions.
According to the Labor Cabinet, a one-time allocation of federal funds makes it difficult to attract skilled
employees since it creates short-term employment opportunity without guaranteeing future permanent
employment. It explained that because the General Assembly allocated federal funds for the 90 positions currently
needed, these positions are considered time-limited and will be eliminated after one year when the federal funding
expires. Current state employees are reluctant to fill these positions because they are unstable in comparison to
state-merit positions.

Additionally, the Labor Cabinet testified that Kentucky could be assigned a Tiger Team by the U.S. Department of
Labor. The team is comprised of experts across many disciplines including fraud specialists, equity and customer
service specialists, unemployment insurance program specialists, business intelligence analysts, computer systems
engineers, and project managers. The Tiger Team will conduct extensive discovery assessments, provide resources
for identification verification, and propose solutions to address fraud and equitable access. They will provide the
Labor Cabinet with expert advice based on assessments of what was and was not successful in other states. Federal
funds and grants for modernization will also be identified by the Tiger Team. The eight-week Tiger Team session
began on October 5, 2021.

Recently, Kentucky Career Centers refocused on employment services and began holding regular job fairs. A $1.3
million Reemployment Services and Eligibility Assessment (RESEA) grant from the U.S. Department of Labor
was recently awarded; it is geared towards individuals who have likely exhausted unemployment insurance
benefits. RESEA requires unemployment insurance claimants to go through an orientation, create an individualized
employment plan, and enroll in a case management system.

When COVID-19 infections were surging, Kentucky Career Centers implemented safety protocols to protect staff
and claimants. The protocols include: a mask mandate for staff, work stations that are spaced six feet apart, and a
requirement that staff contact appointment attendees in advance to verify their current health status.

COVID-19 exposure impacted staffing at multiple Kentucky Career Centers. In these cases, in-person
appointments were moved to phone appointments. There are currently 135 Kentucky Career Center staff members
with 25 openings across the state.

From March 2020 to September 19, 2021, a total of 2,426,605 unemployment insurance claims were received and
a total of $6,640,473,258 paid through all unemployment insurance benefit programs. During the 2021 Regular
Session, legislation was passed creating a waiver for overpayment of unemployment insurance benefits.
Unemployment insurance claimants began receiving letters in June 2021 regarding overpayments of
unemployment insurance benefits. There have been 5,780 overpayment claims processed and $8,333,203.78 in
benefits waived thus far. There is currently a back log of about 80,000 unemployment insurance claims, this
includes traditional unemployment insurance claims and all other extended pandemic related unemployment
insurance claims.

The Labor Cabinet explained that of the 400,000 unanswered emails sent to the OUI that were previously
discussed by the Auditor of Public Accounts, only 127,000 of those emails were unique. Of those 127,000 emails,
67,000 were from individuals that are receiving unemployment insurance benefit payments. 24,000 emails still
need to be addressed. All OUI email accounts have been reevaluated to ensure that unemployment insurance
claimants are able to send communications through the proper channels.

Unemployment insurance fraud

Representatives of the Kentucky Chamber of Commerce noted the challenges faced by businesses in combating
fraudulently filed unemployment insurance claims. The US. Department of Labor estimated that over $63 billion
was paid out across the country in improper or fraudulent unemployment insurance claims in the first 12 months of
the COVID-19 pandemic. The Chamber stated concerned that employers ultimately bear the cost of these paid
fraudulent claims since employers pay into the unemployment insurance trust fund. A business that assists
employers in handling unemployment claims noted that phishing emails, debit card scams, job seeker scams, and
phone scams are plaguing an outdated system that is not equipped to handle the large volume of claims.
Discussions were held regarding the time period in which an employer can respond to a claim for benefits.

The Labor Cabinet pointed out that due to HB 413, claims were not paid out of the employers’ unemployment
insurance account. Therefore, there was no negative impact on employers due to payment of fraudulent claims.
Any data breaches that occurred were limited and originated within the OUI. The Cabinet further explained that
adjustments were made to prevent future breaches. This included installing a new front door interface and
changing the PIN code system. The results of four separate audits that the OUI is undergoing will be made public.

Workforce concerns

The Kentucky Association of Private Providers noted that the workforce shortage is a tremendous issue for
providers, it has increased overtime costs. Expanded federal pandemic unemployment assistance payments make it
difficult for providers to find and hire staff. Medicaid reimbursements allow most providers to pay employees
about $10 an hour when the federal pandemic unemployment assistance payments amount to about $15 an hour. In
addition, there have been issues with employees being approved for unemployment insurance benefits that had
been terminated based on allegations of abuse.

The National Federation of Independent Business/Kentucky conducted a statewide survey of its members and
found that about 90 percent of its members had job openings. Some small businesses struggle with unemployment
insurance because they do not have a dedicated human resources staff that are knowledgeable on this topic. Small
business owners are competing with the expanded federal pandemic unemployment assistance payments. A halt to
the expanded federal pandemic unemployment assistance payments was urged.

The Kentucky Chamber emphasized workforce concerns. It noted that workforce participation in Kentucky must
improve. Kentucky is one of the highest states in duration of paid unemployment insurance benefits. The Chamber
recommended changing the definition of “suitable work” and making it more flexible depending upon the duration
of unemployment. Job contacts should be renamed “work search activities” with a definition that explains what
does and does not constitute suitable work search activities to allow for a continuation of benefits. The Chamber
recommended a robust job referral program and a more efficient way for employers to report workers who refuse
interviews or job offers. In addition, work must be done to strengthen the work search audit process within the
Labor Cabinet. Also, the skills gap must be addressed.

Technology concerns

The taskforce meetings prompted discussions about technology and Kentucky’s unemployment insurance system
including: the launch timeline for the upgraded unemployment insurance system, the data breaches of the current
system, the efficacy of the existing digital unemployment insurance platform, and the technology-based fraud
protection mechanisms.

The Request for Proposals (RFP) for upgrades to the unemployment insurance system is currently in its late stages.
The General Assembly passed legislation during the 2018 Regular Session that allows the Service Capacity
Upgrade Fund (SCUF) to be used for the RFP. The new system is estimated to cost around $60 million dollars.
The current amount in the SCUF account is $40 million.

The second round of RFP for a new unemployment system was released on August 27, 2021 and proposals
submitted. Additional language addresses the extensive need for additional system security and requires that the
prime vendor previously implemented a similar updated system in another state or jurisdiction. The project is
estimated to cost about $47.5 million with $30 million being allocated from restricted funds, $10 million allocated
from bond funds, and $7.5 million from the general fund. After a vendor is selected and the contract finalized, it
will take 18 to 24 months to implement the modernized unemployment insurance system.

Several members of the task force stated concerns that the cost of the new system will exceed projected costs. The
Labor Cabinet indicated they share those concerns and are closely monitoring the process.

Data breaches were frequently mentioned during the task force meetings. The Labor Cabinet explained that
adjustments were made to prevent future breaches including installing a new front door interface and changing the
PIN code system. Any person that filed an unemployment insurance claim in the last 20 years was required to reset
their PIN number and verify their identity.

Auditor Harmon indicated he was aware of two data breaches that were not reported in a timely manner. Sara Beth
Gregory added that the Office of Unemployment Insurance was under the Education and Workforce Development
Cabinet in FY 2020, when data breaches occurred.

The Labor Cabinet, Office of Unemployment Insurance (OUI), and Commonwealth Office of Technology (COT)
leadership met for a three day strategic planning session to identify problems and create solutions in order to
improve the unemployment insurance system experience and efficiency. Action items from the session included
the virtual appointment process, claimant website improvements, fraud prevention and detection, and a weekly
data dashboard. Virtual unemployment insurance appointments will be available to claimants with unresolved
issues. OUI will reach out to these claimants starting with the oldest claims first. The online appointment schedule
was rolled out September 27, 2021 with an option to have a phone appointment. The claimant website will be
improved by adding benchmarks to let the claimant know where they are in the claims process, automated
communication for missing information, and a real-time chat function. OUI is also reviewing language on the
claimant website to replace industry specific terminology with easier to understand language.

The Labor Cabinet is launching ID.me, a federally certified technology partner used by the Internal Revenue
Service and Department of the Treasury for secure digital identity verification, in an effort to increase fraud
prevention and detection. A weekly dashboard has been launched to provide weekly updates on the number of:
new initial unemployment insurance claims, continuing unemployment insurance claims, and issues with claims.
Additionally, it will monitor the total number of claims awaiting claimant action and the total number of claims
paid. These issues will continue to be discussed and improved upon through quarterly strategic planning sessions
with the Labor Cabinet, OUI, and COT leadership.

Audit

The Auditor of Public Accounts does an annual audit of the Commonwealth of Kentucky’s Annual Comprehensive
Financial Report in accordance with generally accepted accounting principles. In December 2020, the APA issued
a Qualified Audit Opinion on the Unemployment Insurance Fund. Volume I, which was released in February 2021,
reports the financial and internal control findings from the audit. Out of the 25 findings for FY 2020, more than
half involved the Office of Unemployment Insurance and the Unemployment Insurance Fund. Volume II, which
was released in April 2021, reports on compliance with federal requirements for federal awards. Out of 21 findings
for FY 2020, eight of those involved the Office of Unemployment Insurance and the Unemployment Insurance
Fund and identified $670.7 million in questioned costs, including the $655 million in unemployment insurance
benefits paid during FY 2020.

The COVID-19 pandemic presented major challenges for unemployment insurance systems across the country. As
a result, three federal unemployment insurance programs were created by the CARES Act: Pandemic
Unemployment Assistance (PUA), Pandemic Emergency Unemployment Compensation (PEUC), and Federal
Pandemic Unemployment Compensation (FPUC). PUA funded unemployment benefits for claimants who
historically have not been eligible for traditional unemployment insurance. In order to pay claims as quickly as
possible, the Office of Unemployment Insurance determined that anyone who applied for PUA benefits and was
deemed eligible would receive the minimum PUA benefit. In addition, PUA claims were automatically backdated
by the Office of Unemployment Insurance to March 1, 2020, which resulted in claimants being paid benefits for
weeks when they were potentially still employed. PEUC provided 13 weeks of additional unemployment benefits
to eligible individuals whose traditional unemployment benefits had been exhausted. FPUC provided an additional
$600 of benefits per week to all eligible claimants receiving at least $1 of traditional unemployment compensation,
PUA, or PEUC.

The Office of Unemployment Insurance implemented an auto pay policy in an attempt to distribute benefit
payments to unemployed individuals more quickly. According to Auditor Mike Harmon, this decision may have
led to federal violations. The implementation of the auto pay feature eliminated the control which required
claimants to report the weekly wage information needed to determine whether they were actually eligible for
benefits. Long time employees of the Office of Unemployment Insurance and Commonwealth Office of
Technology staff expressed concerns about the policy. Auto pay was in effect two weeks for traditional
unemployment insurance and eight weeks for PUA. During this time, $17.8 million was paid in traditional
unemployment benefits, $129.9 million was paid in PUA benefits, and $507.7 million was paid in FPUC benefits.
While not all of these payments were improper, they were all paid in an environment conducive to improper or
fraudulent payments which may have led to some full-time state employees receiving unemployment insurance
payments.

Auditors selected a sample of 37 full-time state employees who filed for and received unemployment insurance
benefits. Of the 37 state employees, 16 were found to have been paid traditional unemployment insurance and
FPUC for loss of part-time jobs despite still being employed full time by the state. There was a total net
overpayment of $116,978 in the sample.

Auditors also found that 10 employees within the Office of Unemployment Insurance, accessed their own
unemployment insurance claims within the system, which violated Office of Unemployment Insurance policies. It
could not be determined whether the employees had lifted stops on their own accounts, but, given the potential for
wrongdoing, this finding was referred to the office of the Attorney General and the Executive Branch Ethics
Commission. Employees accessed their own accounts even though staff are trained not to do so. If stops were
removed from those accounts, there was no way for the APA to determine who lifted those stops.

The auditors also reviewed a random sample of 99 claim weeks and found that incorrect amounts were posted to
employer accounts and benefits were not calculated correctly during 31 of the sampled claim weeks. These errors
cumulatively amounted to $17,830 in overpayments and $1,926 in underpayments. In addition, $18,867 was
overpaid because the Office of Unemployment Insurance backdated PUA and FPUC claims to March 1, 2020.

Both federal and state mandated monthly system security checks were not performed, and the unemployment
insurance mainframe performed various tasks that went undocumented. System updates and software changes were
pushed through with improper and missing documentation, without testing, and without proper implementation in
contravention of the Office of Unemployment Insurance’s policies. The agency also failed to report data breaches
as required by the Kentucky Revised Statutes. Treasury Offset Program (TOP) collections were also improperly
suspended on April 6, 2020, and were not resumed as of February 17, 2021. States are required to use TOP to
collect unemployment compensation debts that remain uncollected one year after becoming due. In May 2020 and
February 2021, the U.S. Department of Labor notified the Office of Unemployment Insurance that TOP collections
could not be suspended. The Office of Unemployment Insurance also failed to provide ACFR estimates for
accounts payable in a timely manner. Ultimately, those estimates ranged from $88.9 million to $2.08 billion.
Auditors also noted issues with the Office of Unemployment Insurance’s backlog of unemployment insurance
claims and an excessive amount of unread emails from claimants.

The Auditor issued an adverse opinion on Kentucky’s compliance with federal unemployment insurance program
requirements based on the findings detailed in Volume II. An adverse opinion is the worst opinion that can be
issued following an audit. The Office of Unemployment Insurance findings were significant enough to indicate the
Commonwealth did not materially comply with the federal requirements for the unemployment insurance program.

The Auditor made several recommendations for the UI system. Those are attached as Appendix I.

A summary of the recommendation of the Kentucky Chamber are attached as Appendix II.

RECOMMENDATIONS

The following topics should be explored by the General Assembly:

 Indexing of number of weeks benefits are payable to the state unemployment insurance rate
 Increasing the number of job contacts a claimant must make in a week
 Capping the amount of benefits that can be received if a worker’s regular weekly benefit rate is temporarily
increased or supplemented by federal, state, or local funds during a state of emergency
 Change the charging method for employers to a “proportion to base-period wages” method
 Reforming the UI Tax system
 Implementing a comprehensive job referral program into the unemployment insurance system
 Decrease from three years to one year the period of time for an employer to qualify for an experience rating
 Develop ways to improve workforce participation
 Switch the emphasis of the system from unemployment to reemployment.
 Strengthen internal policies of the Labor Cabinet to insure that employees of the Cabinet cannot access
their own UI claim information
 Improve transparency and access to information at the Labor Cabinet
 Combat UI fraud by locking known fraudsters out of the system
 Implementation of the recommendations made by the Auditor in his report
 Increased funding of the UI system to implement reforms
 Continued monitoring of the production of a new UI system technology upgrade
 Consider the reforms recommended in House Bill 317 from the 2019 Regular Session
APPENDIX I
 KENTUCKY STATE AUDITOR’S RECOMMENDATIONS FOR OFFICE OF
UNEMPLOYMENT INSURANCE (FY 2020)

Section One:

FINDING 2020-001: We recommend FAC strengthen policies, procedures, and internal controls over the tracking
and recording of capital assets to ensure they are recognized and properly reported in accordance with accounting
requirements and established policy. Prepared journal entries should be reviewed and verified to ensure the
accuracy and completeness of the financial statements.

FINDING 2020-002:
• Changes to the closing package process to accurately account for the employer tax overpayment liability
should be discussed between FAC and OUI.
• As federal money continues to be received for unemployment compensation, FAC should review the
closing package process, specifically for OUI, for possible changes or adjustments to properly classify
financial statement line items.
• FAC should review its compilation process to accurately account for the financial activity of the
Unemployment Compensation fund.

FINDING 2020-003: The COVID-19 pandemic continues to pose challenges to the country’s economy, public
health, and governments at all levels. Although the needs of the Commonwealth are great, internal controls exist to
ensure that, regardless of the situation, government programs can be executed in the most efficient and effective
manner that maintains program integrity, protects taxpayers, and ensures those eligible, and only those eligible,
receive all of the benefits to which they are entitled. We recommend, if internal controls must be adjusted based on
extraordinary circumstances, program integrity should remain a key objective of the entity.

FINDING 2020-004: We recommend OUI develop formal system documentation explaining all processing
performed by KEWES and UI-related mainframe batch jobs and interfaces, including critical security functionality
enabled. We also recommend OUI ensure the proposed flow documentation is completed. Also, all error warnings
generated as well as edits and audits established within KEWES should be thoroughly documented to support the
processing being performed by KEWES.

FINDING 2020-005: First, we would like to acknowledge how difficult the COVID-19 pandemic was and
continues to be. We also realize there was a sense of urgency at the onset of the pandemic to assist the public.
However, if management had applied the change controls established, some if not all of the weaknesses
commented on within this finding could have been prevented. As such, we recommend OUI update and
consistently apply the policies and procedures outlined in the Standard Procedures for Unemployment Insurance
System Modification and Enhancement Process document, such as specifically retaining documentation to support
the program modification process, including approvals necessary. At a minimum, each change request should
include:
• date submitted
• name of the person submitting the request
• name of the person assigned to complete the request
• SOW or detailed steps to resolving the request
• testing procedures performed
• results of testing
• date of testing
• name of tester
• time and date the request is considered resolved
• name of the person approving the proposed resolution.
The policy should also address emergency situations or non-standard requests where a departure from the normal
approval process is appropriate and authorized by the agency. The policy should provide examples of what
constitutes an emergency situation or a nonstandard request. All policies and procedures related to the program
modification process should be distributed to the appropriate personnel and OUI should ensure the policies are
consistently applied.

These policies and procedures are crucial to enabling OUI to ensure that individuals only receive benefits in
accordance with statutory provisions. OUI plays a fundamental role in ensuring the integrity of their UI program.
OUI should continue to operate its programs, both new and existing, in conformity and compliance with federal
laws and guidance and promote program integrity.

FINDING 2020-006: We recommend OUI restore and strengthen its internal controls to ensure benefits are only
granted to eligible claimants. We also recommend OUI implement a process to identify and recapture benefit
overpayments caused by the exceptions identified above to the extent required by state and federal law.

FINDING 2020-007: We recommend OUI modify its operating manual to require appropriate steps to quantify
and verify accurate receivable amounts associated with funds owed to Kentucky from other states and the federal
government. This is especially pertinent for the federal receivable due to continued financial support from the
federal government for the unemployment insurance program.

FINDING 2020-008: The Office of Unemployment Insurance should review claims paid to fully-employed
claimants to identify possible improper payments. If improper payments are identified, overpayment amounts
should be established and, when required by law, recoveries of the funds should be made.

Key system controls are in place to reduce the risk of improper or fraudulent payments. Those controls should not
be removed in the interest of expediency. If management wishes to issue legitimate benefits more expediently,
those benefits should be paid without compromising program integrity.
FINDING 2020-009: We recommend the OUI Integrity Branch review their operations manual and ensure that
procedures are adequate to verify the appropriateness of the accounts payable date range, the completeness of the
accounts payable database, and the appropriateness of the query used to determine accounts payable amounts.
In light of ongoing federal financial support for unemployment insurance during the COVID-19 pandemic, we also
recommend that OUI consider changing their closing package compilation process to account for these new
funding sources.

FINDING 2020-010: We recommend the OUI- Integrity Branch review their operations manual and ensure that
procedures are adequate to develop reasonable and verifiable estimates for any material benefit payable amounts
that cannot be captured by their normal process. OUI should develop procedures that establish internal controls
over the determination of the need for estimates and the formulation of those estimates

FINDING 2020-011: We recommend COT create written logical security procedures related to the Linux servers
to ensure only authorized access is granted. Once finalized, the procedures should be distributed to applicable COT
and agency staff to ensure all staff is aware of the requirements for gaining and removing access to servers
administered by COT. Within these procedures, COT should ensure agency staff are aware that EIM does not
automatically remove a user’s access to the Linux production servers upon exiting the agency.

In addition, we recommend COT develop listings of users with access to Linux servers administered by COT on a
periodic basis and provide these to the agency owners for review. COT should request that they review the access
rights within the listing and provide confirmation of necessity for all accounts. Any accounts that are no longer
needed should be reported to COT with a request for the access to be removed. This type of communication to
applicable agencies will help ensure the procedures in place are followed consistently, only necessary and
approved accounts remain active, and user accounts are revoked timely, as necessary.

Furthermore, we recommend COT review all password settings established on the four eMARS Linux/Unix
servers to ensure they comply with enterprise policies.

Finally, we recommend COT provide a list of all services running on the four eMARS Linux/Unix servers to the
Finance Cabinet for review and approval. This process should be performed anytime a new service is installed on
the servers. Approvals provided by the Finance Cabinet should be maintained for audit purposes.
FINDING 2020-012: We recommend COT comply with CIO-093 by developing SSPs for the core infrastructure
systems maintained by COT – Windows, Unix/Linux, Network, Directory Services, and Databases. All SSPs
developed should be updated in a timely manner. Finally, all documentation developed to comply with CIO-093
should be distributed to the appropriate personnel to ensure risk is appropriately mitigated throughout the
Commonwealth.

FINDING 2020-013: We recommend COT ensure ServiceNow is fully implemented and used to track all
machines they manage on behalf of the Commonwealth. COT should work with the all state agencies to determine
which machines house critical or sensitive information and ensure these are properly secured. We also recommend
COT designate which agencies are consolidated on their contact listing.

FINDING 2020-014: We recommend Revenue ensure compliance with enterprise policies CIO-093 and CIO106.
To comply with these policies, Revenue should assess the privacy impact associated with CARS, EEPS, and ARP
by completing the PIA documentation developed by COT. Revenue should also develop an SSP that assigns a
Security Categorization for CARS, EEPS, and ARP and conduct and document a risk assessment for these
applications. The risk assessment should be repeated at least annually and be updated in a timely manner. Once the
documentation has been developed, it should be distributed to the appropriate personnel to ensure risk is
appropriately mitigated throughout the Commonwealth. We recommend Revenue apply the same
recommendations to DORIS once in production.
FINDING 2020-015: We recommend Finance ensure compliance with all enterprise policies by:
• Developing an SSP that assigns a Security Categorization for eMARS that complies with CIO-093.
• Conducting and documenting a risk assessment for eMARS to comply with CIO106. For compliance with
CIO-106, the risk assessment should be repeated at least annually and be updated in a timely manner. In
addition, once developed, the SSP should be distributed to the appropriate personnel to ensure risk is
appropriately mitigated throughout the Commonwealth.
• Fully assess the privacy impact associated with eMARS by completing the PIA documentation developed
by COT.

FINDING 2020-016: We recommend Finance:

• Sufficiently protect data classified as confidential or internal in compliance with COT enterprise policies
and standards by completing current work plans to enhance security over certain confidential and internal
data.
• Develop a process to periodically review access granted to Finance employees to ensure the shared
directory is properly secured.

FINDING 2020-017: We recommend FAC review the internal controls related to the calculation of the
compensated absences liability and ensure amounts initially reported are accurate.

FINDING 2020-018: We recommend KDA implement adequate internal controls to confirm and validate
information provided for the preparation of the SEFA prior to submission. KDA should consult with the Office of
the Controller as deemed necessary to ensure compliance with reporting requirements

FINDING 2020-019: We recommend KDE:

• Evaluate cash balances for closed grants which are unobligated.
• Consult with its federal grantor to determine if any repayment is necessary.
• Work with the FAC to ensure proper recording of any changes.

FINDING 2020-020: We recommend KYTC integrate the monitoring of the central salt repository into its existing
asset count process and document the results.

FINDING 2020-021: We recommend KYTC revisit and revise its AFR compilation procedures to ensure that
receipts are recorded in the proper period so that deferred inflows of resources and revenues are accurately
presented in the transportation fund in the Commonwealth’s CAFR.

FINDING 2020-022: We recommend OUI ensure compliance with enterprise policies CIO-093 and CIO-106. To
comply with these policies, OUI should assess the privacy impact associated with KEWES by completing the PIA
documentation developed by COT. OUI should also develop a SSP that assigns a Security Categorization for
KEWES and conduct and document a risk assessment for KEWES. The risk assessment should be repeated at least
annually and be updated in a timely manner. Once the documentation has been developed, it should be distributed
to the appropriate personnel to ensure risk is appropriately mitigated throughout the Commonwealth.

We also recommend OUI assist the DOL and COT with performing monthly, detailed vulnerability assessments
against KEWES production servers. OUI should work with DOL and COT to analyze vulnerability scan reports
and remediate any weaknesses identified. All vulnerability scan reports, including remediation taken, should be
documented and maintained for audit purposes.

FINDING 2020-023: We recommend OUI management ensure all steps within the security breach process are
consistently completed. Specifically, if a potential breach is identified, designated OUI staff should be contacted
immediately. COT should then be notified, as well as the Kentucky State Police, APA, Attorney General, and
Finance Secretary within 72 hours. After the incident has been investigated, OUI should inform these same
agencies whether the misuse of personal information has occurred. If a breach has occurred, OUI should then
follow the procedures regarding notifying individuals impacted.

All OUI staff should be made aware of the agency’s internal procedures related to the requirements of the EDU-00,
CIO-090, and associated statutes. OUI staff should be knowledgeable concerning the appropriate actions involved
with the identification, reporting, and notification of potential security incidents.

Finally, OUI should work to ensure the system upgrade is completed to permanently fix the document upload
functionality as soon as possible.

FINDING 2020-024: We recommend OUI continuously follow the procedures documented in the Computer
Access Request Procedures. Also, we recommend OUI update the Computer Access Request Procedures to
address the granting of access during emergencies that will allow OUI better control over access to KEWES, along
with other systems. In addition, we recommend OUI perform a periodic review of accounts with access to KEWES
to ensure they are required. The results of this review, including actions taken, should be documented and retained
for audit purposes.

We also recommend access to the SADMIN User account be limited. Additionally, we recommend OUI ensure
system changes are made to require periodic password changes within KEWES.

FINDING 2020-025: We recommend that OUI review the SEFA submission to ensure all CARES Act
expenditures are reported separately from the non-CARES Act expenditures.

Section Two:
FINDING 2020-026: We recommend DMA ensure compliance with 2 CFR 200.405 and 2 CFR 200.430 by
implementing a methodology that accurately accounts for and allocates payroll costs to federal grants based on the
work performed. In instances where federal funding is not available for a particular grant’s management costs,
other allowable non-federal funding sources should be utilized as to prevent unallowable costs and activities. DMA
should consult with FEMA for additional guidance as needed.

FINDING 2020-030: We recommend OUI implement formal audit and review procedures to ensure staff with the
ability to access, remove, or clear stops on accounts do not perform such actions on their own accounts. Procedures
should be in place to monitor whether or not employees have accessed their own account. The Labor Cabinet
should adopt and continue the practice of producing the reports detailed in the Kentucky Department of Education
Workforce Development Cabinet’s Internal Security Handbook.

FINDING 2020-031: We recommend the Commonwealth resume TOP collections in accordance with guidance
from the U.S. Department of Labor.

FINDING 202-034: We recommend CHFS:

• Establish and implement internal control procedures for monitoring the targeted case management
requirements for members covered by the Managed Care Organizations to ensure compliance with the CFR
and KARs.
• Ensure files are maintained for the Title V program to ensure the Medicaid members are receiving the
assessments and care needed, and to ensure these are for allowable recipients.

FINDING 2020-035: We recommend the CHFS implement internal controls by documenting policies and
procedures to ensure the MCO SOC reports are evaluated and corrective action is taken if necessary
FINDING 2020-036: We recommend CHFS review the internal controls related to earmarking and ensure future
compliance with the 10% administrative limit. CHFS should also communicate with the federal government
regarding this issue and take appropriate action as needed.

FINDING 2020-037: We recommend CHFS review internal controls and consider identifying the program period
in the contracts to ensure 90% of the LIHEAP funds are obligated in the first federal fiscal year.

FINDING 2020-038: We recommend CHFS maintain supporting documentation used for the preparation of the
report to ensure the accuracy of the report data.

FINDING 2020-039: We recommend CHFS maintain supporting documentation used for the preparation of the
MCH report. For example, for form 6, screenshots of the data could be made when the report is completed. We
also recommend CHFS review internal control procedures to ensure the accuracy of the report data.

FINDING 2020-040: We recommend CHFS review the ACF 204 reporting procedures to ensure the accuracy of
the report data.

FINDING 2020-041: We recommend DMA ensure compliance with 2 CFR 200.405 and 2 CFR 200.430 by
implementing a methodology that accurately accounts for and allocates payroll costs to federal grants based on the
work performed. In instances where federal funding is not available for a particular grant’s management costs,
other allowable non-federal funding sources should be utilized as to prevent unallowable costs and activities. DMA
should consult with FEMA for additional guidance as needed.

FINDING 2020-042: We recommend DWI implement adequate internal controls to ensure the ETA 2112, ETA
2208a, and ETA 9130 reports are reviewed before submission to the U.S. DOL. The ETA 9130 should be certified
by an authorized official who is not the report preparer. These internal control procedures should also be shared
with the Kentucky Labor Cabinet so that internal controls remain in place if the responsibility for these reports is
transitioned.

FINDING 2020-043: We recommend KDE implement adequate internal controls and properly manage grant
activities to ensure compliance with cash management in accordance with Federal regulations.

FINDING 2020-044: We recommend KYTC strengthen its review of expenditures within federal program CFDA
97.036 when compiling the SEFA.

FINDING 2020-045: We recommend OSBD continue to work with U.S. Department of the Treasury on a final
determination on the application and interpretation of the effective date of distributed guidance, including if
guidance issued is to be retroactively applied. For any costs ultimately determined to be unallowable, and outside
the period of performance, OSBD should coordinate with KSP to move those expenditures to allowable funding
sources and recoup those funds within the State’s CRF. Any returned CRF funds would then be available to be
used on other allowable expenses in accordance with established guidelines.

FINDING 2020-046: We recommend the following:

• OUI charge only allowable costs incurred during the established period of performance.
• OUI implement internal controls to ensure grant accounting templates are prepared with accurate
information and updated when necessary.
• OUI implement internal controls to identify and correct the grant-related accounting errors in a timely
manner
 APPENDIX II

Kentucky Chamber Recommendations to the Unemployment Insurance Task Force

October, 28, 2021

 Provide additional funds to the Unemployment Insurance Trust Fund to return the balance to the pre-
pandemic level (approximately $600 million).
 Continue to explore changes proposed in House Bill 317 in the 2019 regular session.
 Make improvements to the unemployment insurance (UI) tax structure. Kentucky’s UI tax structure is
generally viewed as one of the worst in the nation due to higher rates than usual and some distortionary
features as well. The Kentucky Chamber recently announced a new partnership with the Tax Foundation to
conduct a comprehensive review of Kentucky’s tax code and recommend reforms. This review will include
analysis of Kentucky’s UI tax structure and suggestions for improvement and will be complete later this
year. 
 Strengthen Kentucky’s work search requirement. In 2019, the national average for how long an
unemployed individual received unemployment benefits was 14.8 weeks. For the states that surround
Kentucky, the average was 13.3. Kentucky’s average was 18.2 weeks. In 2019, this was the longest
average benefit duration in the country.
o Redefine “job contact” as “work search activities” and define in statute what constitutes a “work
search activity.” Other states’ work search requirements include a broad range of activities that
reflect what a modern job search actually looks like and acknowledge that job-seeking skills vary
from person-to-person. Kentucky might include work search activities such as: 
 Formally submitting a job application either in person or online
 Being interviewed for a job virtually, in-person, or in a group interview setting
 Job shadowing
 Attending a job fair or networking event hosted by a local chamber of commerce or business
organization
 Participating in a job search skills workshop or seminar
 Participating in official Kentucky Career Center or partner programs related to job searching
or employment
 
 All work search activities must be fully verifiable. The General Assembly should work with the Cabinet to
determine criteria for verifying completion of eligible work search activities. 
o Using a broad definition of work search activities as proposed, claimants should conduct at least
five work search activities per week to continue receiving benefits. This number is in line with
states like Florida, Wisconsin, Utah, Arizona, and Nebraska. There are multiple ways we might
structure this requirement, such as specifying that a certain number must be formal job applications
 or limiting the number of work search activities that can be recorded for a single day. The other 49
states provide a wide range of options and ideas, but the Chamber believes one job contact per
week is a weak goal for a modern-day job search.
o Update the statutory requirement that claimants find suitable work. Under state law, the Cabinet
must consider various criteria in determining what is or is not suitable work for a claimant. This
includes factors such as the claimant’s previous wages, their employment history, and their
background and skills. In other states, the definition of suitable work can change the longer a
claimant remains on unemployment benefits. In New York, for example, the definition of suitable
work changes after 10 weeks to include any work that a claimant is able to perform regardless of
whether or not they have related experience or training.
o Kentucky should develop a robust job referral program similar to South Carolina’s, in which
employers submit job opportunities to their UI administrative agency and then staff at that agency
connect claimants directly with those opportunities based on their suitability. Participation in a
referral program like this should be tied to benefit eligibility. 
o The Cabinet should update its online portal for employers to report candidates who refuse a job
offer with an option to also report applicants who fail to show up for interviews without notice.
Many Chamber members have reported an uptick in job applicants not showing up for interviews in
recent months. This should be reportable and be considered by the Cabinet when evaluating a
claimant’s request for benefits. Such a reporting option would not create an automatic termination
of benefits but could be a part of the cabinet’s existing auditing of work search requirements.
o Kentucky should look at ways to strengthen and increase the frequency of the auditing processes to
ensure claimants are fulfilling work search requirements. The Chamber would like to see some
requirements outlined in statute as well as expectations for routine reporting from the Cabinet on the
results of audits and data on Kentucky’s work search program. Equally as important, claimants
should have a clear understanding of how the Cabinet will hold them accountable to state work
search requirements.