REPORT DIGEST

CHICAGO STATE UNIVERSITY

FINANCIAL AUDIT
FOR THE YEAR ENDED JUNE 30, 2023

Release Date:  February 22, 2024

FINDINGS THIS AUDIT: 3

CATEGORY:  NEW -- REPEAT -- TOTAL
Category 1:  1 -- 0 -- 1
Category 2:  0 -- 2 -- 2
Category 3:  0 -- 0 -- 0
TOTAL:  1 – 2 -- 3

FINDINGS LAST AUDIT: 2

Category 1: Findings that are material
weaknesses in internal control and/or a
qualification on compliance with State laws
and regulations (material noncompliance).
Category 2: Findings that are significant
deficiencies in internal control and
noncompliance with State laws and
regulations.
Category 3: Findings that have no internal
control issues but are in noncompliance with
State laws and regulations.

State of Illinois, Office of the Auditor
General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, Iles Park
Plaza, 740 E. Ash Street, Springfield, IL
62703
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also
available on the worldwide web at
www.auditor.illinois.gov

INTRODUCTION

This digest covers the Chicago State
University’s (University) Financial Audit as
of and for the year ended June 30, 2023.
The University’s State Compliance
Examination and Single Audit reports will be
separately issued at a later date.

SYNOPSIS

• (23-03) The University did not have
adequate internal controls to ensure
compliance with the Illinois Pension Code.

• (23-02) The University did not maintain
adequate controls over computer security.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

INADEQUATE CONTROLS TO ENSURE COMPLIANCE
WITH  ILLINOIS PENSION CODE

The University did not have adequate
internal controls to ensure compliance with
the Illinois Pension Code (Code).

During testing, we requested the University
provide the populations of retired
employees, persons receiving a retirement
annuity (Annuitants) from the State
Universities Retirement System (SURS) and
re-employed by the University, and employees
who filed for disability benefits during
Fiscal Year 2023. The University could not
provide the populations generated from its
internal records. Subsequently,
the University provided the populations
obtained from SURS; however, these
populations were not reconciled to the
University’s records and vice versa.

Due to this condition, we were unable to
conclude the University’s population records
were sufficiently precise and detailed under
the Professional Standards promulgated by
the American Institute of Certified Public
Accountants (AU-C §
500.08 and AT-C § 205.36) to test the
University’s compliance with the Code.

Even given the population limitations noted
above, we performed the testing and noted
the University did not timely notify SURS of
the re-employment of two of seven (29%)
annuitants. The University notified SURS 320
days late. (Finding 3, pages 74-75)

We recommended the University implement
controls to ensure completeness and accuracy
of the populations of retirees, re-employed
annuitants, and employees who filed for
disability benefits. Further, we recommended
the University timely notify SURS of re-
employment of annuitants in accordance with
the Code.

University officials agreed with the
recommendation and stated the University was
developing a corrective action plan to
ensure compliance with the Code.

WEAKNESSES OVER COMPUTER SECURITY

The University did not maintain adequate
controls over computer security.

During testing, we noted:

• Separated employees continued to have
access to the University’s environment.

• Information Technology (IT) infrastructure
was not secured properly. (Finding 2, pages
72-73) This finding has been repeated since
2020.

We recommended the University ensure timely
deactivation of separated users’ access and
ensure the IT infrastructure is properly
secured.

University officials agreed with the
recommendation and stated the University was
developing a corrective action plan to
address the lack of controls over computer
systems.



AUDITOR’S OPINION

The auditors stated the financial statements
of the University as of and for the year
ended June 30, 2023, are fairly stated in
all material respects.

The financial audit was conducted by Roth &
Company, LLP.

JANE CLARK
Division Director

This report is transmitted in accordance
with Section 3-14 of the Illinois State
Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:vrb