REPORT DIGEST

ILLINOIS ARTS COUNCIL

COMPLIANCE EXAMINATION
FOR THE TWO YEARS ENDED JUNE 30, 2021

Release Date:  June 1, 2022

FINDINGS THIS AUDIT:  7

CATEGORY:  NEW -- REPEAT – TOTAL
Category 1:  0 -- 0 -- 0
Category 2:  5 -- 2 -- 7
Category 3:  0 -- 0 -- 0
TOTAL:  5 -- 2 -- 7

FINDINGS LAST AUDIT: 4

Category 1: Findings that are material
weaknesses in internal control and/or
a qualification on compliance with
State laws and regulations (material
noncompliance).
Category 2: Findings that are
significant deficiencies in internal
control and noncompliance with State
laws and regulations.
Category 3: Findings that have no
internal control issues but are in
noncompliance with State laws and
regulations.

State of Illinois, Office of the
Auditor General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report
contact:
Office of the Auditor General, Iles
Park Plaza, 740 E. Ash Street,
Springfield, IL 62703
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are
also available on the worldwide web at
www.auditor.illinois.gov

INTRODUCTION

The Illinois Arts Council (Council)
was created through the Arts Council
Act (20 ILCS 3915). The Council is
governed by 21 private citizens from
throughout Illinois, chosen for their
commitment to the arts and are
appointed by the Governor. The members
serve in a voluntary, non-paid
capacity and are responsible for
developing the State’s public arts
policy, fostering culturally diverse
quality programs, and approving grant
expenditures. The functions of the
Council are directed by the Council’s
mission statement: “to build a strong,
creative, and connected Illinois
through the arts.” The Council
received funds through the State of
Illinois General Revenue Fund
appropriations and federal grants from
the National Endowment for the Arts.

SYNOPSIS

• (21-01) The Council did not draft or
adopt formal agency rules, including
related to grant procedures.
• (21-02) The Council did not perform
monthly obligation and contract
reconciliations.
• (21-06) The Council did not obtain
or conduct timely independent internal
control reviews over its service
providers.

FINDINGS, CONCLUSIONS, AND
RECOMMENDATIONS

FAILURE TO ADOPT FORMAL RULS FOR THE
AGENCY AND GRANT PROCEDURES

The Council did not draft or adopt
formal agency rules, including rules
relating to grant procedures. Grant
expenditures were $12,732,440 and
$12,168,900 for Fiscal Years 2021 and
2020, respectively.  (Finding 1, page
9)  This finding has been repeated
since 2007.

We recommended the Council draft
organizational rules and grant
procedures, and work with the Joint
Committee on Administrative Rules for
assistance with the formal adoption
process.

The Council agreed with the finding
and stated the Council will continue
to seek guidance from the Office of
the Governor.

MONTHLY RECONCILIATIONS NOT PERFORMED

The Council did not perform monthly
obligation and contract
reconciliations with the Comptroller’s
monthly Agency Contract Report (SC14)
and monthly Obligation Activity Report
(SC15) for Fiscal Year 2020 and 2021.
(Finding 2, page 10)

We recommended the Council reconcile
its contracts and obligations activity
in accordance with the SAMS manual.

The Council agreed with the finding
and stated the Council has established
written procedures to ensure monthly
obligation and contract
reconciliations are being performed.

LACK OF ADEQUATE CONTROLS OVER THE
REVIEW OF INTERNAL CONTROLS OVER
SERVICE PROVIDERS

The Council did not obtain or conduct
timely independent internal control
reviews over its service provider.

We requested the Council to provide
the population of services providers
utilized to determine if they had
reviewed the internal controls over
their service providers. In response
to our request, the Council provided a
listing; however, they did not provide
documentation demonstrating the
population was complete and accurate.
Due to these conditions, we were
unable to conclude the Council’s
population records were sufficiently
precise and detailed under the
Professional Standards promulgated by
the American Institute of Certified
Public Accountants (AT-C §205.35).
Even given the population limitations
noted above, we performed testing over
the one service provider identified by
the Council.

During our testing, we noted the
Council had not:
• obtained the System and Organization
Control (SOC) report.
• reviewed the SOC report to determine
the impact and whether assurance could
be obtained that internal controls
being relied upon at the service
provider were effectively operating.
• determined if Complementary User
Entity Controls (CUECs), which should
be in place at the Council were.
• obtained and reviewed SOC reports
for subservice organizations or
performed alternative procedures to
determine the impact on its internal
control environment.

The Council is responsible for the
design, implementation, and
maintenance of internal controls
related to information systems and
operations to ensure resources and
data are adequately protected from
unauthorized or accidental disclosure,
modifications, or destruction. This
responsibility is not limited due to
the process being outsourced.
(Finding 6, pages 17-18)

We recommended the Council strengthen
its controls in identifying and
documenting all service providers
utilized. Further, we recommended the
Council obtain SOC reports or conduct
independent internal control reviews
at least annually. In addition, we
recommended the Council:
• Monitor and document the operation
of the CUECs relevant to the Council’s
operations.
• Either obtain and review SOC reports
for subservice organizations or
perform alternative procedures to
satisfy itself that the existence of
the subservice organization would not
impact its internal control
environment.

The Council agreed with the finding
and stated the Council will work with
DoIT to monitor and document the
operation of the CUEC’s relevant to
the Council’s operations.

OTHER FINDINGS

The remaining findings pertain to
inadequate controls over State
property, equipment, and accounts
receivables, weaknesses in
cybersecurity, and lack of disaster
contingency planning.  We will review
the Council’s progress towards the
implementation of our recommendations
in our next State compliance
examination.

ACCOUNTANT’S OPINION

The accountants conducted a State
compliance examination of the Council
for the two years ended June 30, 2021,
as required by the Illinois State
Auditing Act.  The accountants stated
the Council complied, in all material
respects, with the requirements
described in the report.

This State compliance examination was
conducted by Adelfia LLC.

JANE CLARK
Division Director

This report is transmitted in
accordance with Section 3-14 of the
Illinois State Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:jgr