NOTE: Illinois State University’s FY2010 financial statements should be read in conjunction with the FY2011 financial statements. In the FY2010 financial statements, the June 30, 2010 net assets have been restated (decreased by $5,189,664) to correct errors in reporting accounts receivable. Because the June 30, 2010 net assets have been restated, the previously issued auditors’ report dated March 30, 2011 is not to be relied upon without consideration of the auditors’ report dated March 2, 2012 on the restatement of the June 30, 2010 net assets.
ILLINOIS STATE UNIVERSITY
FINANCIAL AUDIT AND COMPLIANCE EXAMINATION (In accordance with the Single Audit Act and OMB Circular A-133)
For the Year Ended: June 30, 2010
Summary of Findings:
Total this audit: 3
Total last audit: 2
Repeated from last audit: 2
Release Date: April 14, 2011
State of Illinois, Office of the Auditor General
WILLIAM G. HOLLAND, AUDITOR GENERAL
To obtain a copy of the Report contact:
Office of the Auditor General, Iles Park Plaza, 740 E. Ash Street, Springfield, IL 62703
(217) 782-6046 or TTY (888) 261-2887
This Report Digest and Full Report are also available on the worldwide web at www.auditor.illinois.gov
• The University does not perform a periodic reconciliation of the detailed property and equipment listings to the general ledger.
• The University had not assured adequate University-wide procedures existed over the proper disposal of confidential information.
FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS
LACK OF REVIEWED AND APPROVED RECONCILIATION OF DETAILED PROPERTY LISTINGS TO THE GENERAL LEDGER
The University does not perform periodic reconciliations of detailed property listings to the general ledger. Without a reconciliation, the University can not ensure that the activity being recorded in the general ledger agrees to the activity recorded in the property and equipment database. We noted the following:
• The University did not capitalize assets as of the date acquired, but as of the date they were tagged. We noted in the first quarter of 2010, approximately $837,000 of capital assets were capitalized when tagged that had been previously expensed in 2009. As of June 30, 2010, there was approximately $207,000 of capital assets that were improperly expensed due to not being tagged until 2011.
• The University improperly capitalized approximately $2,339,000 of equipment in 2009 that was below the capitalization threshold. The University corrected this misclassification in fiscal year 2010.
• The University recorded approximately $2,863,000 in both the construction in progress and buildings accounts during fiscal year 2009 for the same costs. The University corrected this error in fiscal year 2010 by eliminating $2,863,000 from the construction in progress account.
• The University improperly expensed approximately $1,750,000 of building costs during fiscal year 2009. The University corrected this misclassification in fiscal year 2010.
• As a result of the above misclassifications, the June 30, 2010 C-15 report is incorrect.
The net effect of these misclassifications resulted in the expenses on the fiscal year 2009 financial statements being understated by approximately $2,615,000. The expenses in the fiscal year 2010 financial statements are overstated by approximately $2,822,000. The June 30, 2010 financial statements were not adjusted for these misclassifications as management deemed them immaterial.
Proper internal control procedures require that accounts be periodically reconciled at the detail level to ensure that the subledgers agree to the general ledger balances. (Finding 1, pages 15-16)
We recommended that the University perform a reconciliation of the detailed property and equipment listings to the general ledger that is properly reviewed and approved on a quarterly basis.
University officials accepted our recommendation.
INADEQUATE PROCEDURES OVER DISPOSAL OF CONFIDENTIAL INFORMATION
The University had not assured adequate University-wide procedures existed over the disposal of confidential information. We noted the University:
• Had not performed a risk assessment of its computing environment to identify and protect confidential information from unauthorized disclosure.
• Had not installed disk encryption software on its laptop computers as well as mainframe backup tapes.
• Had not formally approved procedures regarding the University’s responsibilities, as stated in the Personal Information Protection Act, for the prompt investigation and notification in the event of a breach of personal information.
While performing walkthroughs at the University, we found personal information and personal health information in unsecured bins.
Failure to establish adequate procedures to protect and timely dispose of confidential information and to enforce compliance with established procedures can lead to such information being compromised. (Finding 3, pages 18-20)
We recommended the University assess its procedures for safeguarding and subsequent disposal of all confidential information. The University should effectively communicate the procedures to all University personnel and enforce compliance with its procedures ensuring all confidential information is kept secured until no longer needed, and then properly disposed. We also recommend the University perform a comprehensive risk assessment of its computer environment and encrypt personal or confidential data.
University officials accepted our recommendation.
The remaining finding is reportedly being given attention by the University. We will review the University’s progress towards the implementation of our recommendations in our next audit.
Our auditors stated the financial statements of the University as of June 30, 2010 and for the year then ended are fairly presented in all material respects.
WILLIAM G. HOLLAND
SPECIAL ASSISTANT AUDITORS
Clifton Gunderson, LLP were our special assistant auditors for this audit.