REPORT DIGEST

OFFICE OF THE STATE’S ATTORNEYS APPELLATE
PROSECUTOR

COMPLIANCE EXAMINATION
FOR THE TWO YEARS ENDED JUNE 30, 2022

Release Date:  November 16, 2023

FINDINGS THIS AUDIT: 1

CATEGORY:  NEW -- REPEAT -- TOTAL
Category 1:  0 -- 1 -- 1
Category 2:  0 -- 0 -- 0
Category 3:  0 -- 0 -- 0
TOTAL:  0 – 1 -- 1

FINDINGS LAST AUDIT: 1

Category 1: Findings that are material
weaknesses in internal control and/or a
qualification on compliance with State laws
and regulations (material noncompliance).
Category 2: Findings that are significant
deficiencies in internal control and
noncompliance with State laws and
regulations.
Category 3: Findings that have no internal
control issues but are in noncompliance
with State laws and regulations.

State of Illinois, Office of the Auditor
General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, Iles Park
Plaza, 740 E. Ash Street, Springfield, IL
62703
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also
available on the worldwide web at
www.auditor.illinois.gov

SYNOPSIS

• (22-1) The Office of the State’s
Attorneys Appellate Prosecutor did not
implement adequate controls over its
service providers.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

LACK OF ADEQUATE CONTROLS OVER THE REVIEW
OF INTERNAL CONTROLS OF SERVICE PROVIDERS

The Office of the State’s Attorneys
Appellate Prosecutor (Office) did not
implement adequate controls over its
service providers.

The Office utilized three service providers
for software as a service and hosting
services. The data controlled by these
service providers is critical to the
Office’s operations and contains
confidential information.

During testing, we noted the following in
regard to the Office’s review of the System
and Organization Control (SOC) reports for
its service providers:

• The Office did not document deviations
noted and the related impact of those
deviations for SOC reports with modified
opinions.

• The Office did not document its
identification of Complementary User Entity
Controls (CUECs) included in the SOC
reports and the Office’s compliance with
the applicable CUECs.

• The Office did not document its
identification of subservice organizations
noted in the SOC reports and related
procedures performed to satisfy the Office
the existence of subservice organizations
did not impact its internal control
environment. (Finding 1, pages 10-11)

We recommended the Office improve
documentation of its review over SOC
reports to include:

• Analysis of the impact of deviations
noted in the SOC reports;

• Documentation of CUECs relevant to
operations; and

• Analysis of subservice organizations
noted in SOC reports and related procedures
performed to satisfy itself the usage of
the subservice organizations would not
impact the internal control environment.

The Office agreed to improve the
documentation of its review of SOC reports.

ACCOUNTANT’S OPINION

The accountants conducted a State
compliance examination of the Office of the
State’s Attorneys Appellate Prosecutor
(Office) for the two years ended June 30,
2022, as required by the Illinois State
Auditing Act. The accountants qualified
their report on State compliance for
Finding 2022-001.  Except for the
noncompliance described in this finding,
the accountants stated the Office complied,
in all material respects, with the
requirements described in the report.

This State compliance examination was
conducted by Kerber, Eck & Braeckel LLP.

JANE CLARK
Division Director

This report is transmitted in accordance
with Section 3-14 of the Illinois State
Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:dmg