REPORT DIGEST

INTERMEDIATE SERVICE CENTER #2: WEST
COOK

FINANCIAL AUDIT
FOR THE YEAR ENDED JUNE 30, 2019

Release Date:  August 16, 2023

FINDINGS THIS AUDIT: 5

CATEGORY:  NEW -- REPEAT -- TOTAL
Category 1:  0 -- 1 -- 1
Category 2:  1 -- 1 -- 2
Category 3:  0 -- 2 -- 2
TOTAL:  1 -- 4 -- 5

FINDINGS LAST AUDIT: 5

Category 1: Findings that are material
weaknesses in internal control and/or a
qualification on compliance with State
laws and regulations (material
noncompliance).
Category 2: Findings that are
significant deficiencies in internal
control and noncompliance with State
laws and regulations.
Category 3: Findings that have no
internal control issues but are in
noncompliance with State laws and
regulations.

State of Illinois, Office of the
Auditor General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, Iles
Park Plaza, 740 E. Ash Street,
Springfield, IL 62703
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are
also available on the worldwide web at
www.auditor.illinois.gov


SYNOPSIS

•  (19-1) The Intermediate Service
Center #2 did not provide completed
financial statements in an auditable
form by the August 31 deadline.

•  (19-2) The Intermediate Service
Center #2 did not have adequate
internal control procedures.

•  (19-3) The Intermediate Service
Center #2 lacked adequate controls over
the review of internal controls over
external service providers.

•  (19-4) The Intermediate Service
Center #2 did not have adequate
internal controls over grant
compliance.

•  (19-5) The Intermediate Service
Center #2 did not have adequate
internal controls over procurement-card
transactions.

FINDINGS, CONCLUSIONS, AND
RECOMMENDATIONS

DELAY OF AUDIT

The Intermediate Service Center #2
(ISC) did not provide completed
financial statements in an auditable
form by the August 31, 2019 deadline.
The completed financial statements were
provided on December 15, 2022.

The ISC is subject to 105 ILCS
5/2-3.17a which requires the Auditor
General’s office to cause an audit to
be made, as of June 30th of each year,
of the financial statements of all
accounts, funds, and other moneys in
the care, custody, or control of the
executive director of each educational
service region in the State and of each
educational service center established
in the School Code. The audit is to be
conducted in accordance with Generally
Accepted Government Auditing Standards.
The Regional Office of Education or
Educational Service Center may utilize
a cash basis, modified cash basis, or
Generally Accepted Accounting
Principles (GAAP) basis of accounting
to prepare the financial statements for
audit. The ISC has chosen the cash
basis of accounting for financial
reporting.

In accordance with 105 ILCS 5/2-3.17a,
the Auditor General has promulgated
administrative rules and regulations to
govern this process. Those rules, 74
Ill. Adm. Code 420.320 (c) (2), state
that for audit purposes, each regional
office of education and educational
service center shall make available to
the Auditor General or his designee all
books and records deemed necessary to
make and complete the required audits.
The records shall be in auditable form
by August 15 of the succeeding fiscal
year. Financial reports are to be
available no later than August 31 in
order for the annual audit to be
completed by an independent auditor
selected by the Auditor General.

In addition, prudent business practices
and transparency require timely
preparation and completion of financial
statements.

ISC management indicated they incurred
key employee turnover which has put
them behind in financial reporting.
(Finding 19-001, pages 10 – 11) This
finding was first reported in 2015.

The auditors recommended the ISC should
implement procedures to ensure
compliance with 105 ILCS 5/2-3.17a and
74 Ill. Adm. Code 420.320 (c) (2).
These financial statements need to be
presented to the Auditor General’s
independent auditors for audit by the
August 31 deadline.

ROE Response: As this writing is
occurring in FY23, we expect to see
this as an ongoing finding for audits
yet to be completed for FY20-23. We
have worked with our contracted
accountant over the past seven years,
who has experience with ROE/ISC audits
and knows the requirements, to have
reports available in a timely manner
moving forward. We have also hired a
Chief School Business Official (CSBO)
who started work here in July 2021 to
address this issue and other findings
in this document.

INADEQUATE INTERNAL CONTROL PROCEDURES

The Intermediate Service Center #2
(ISC) did not have adequate internal
control procedures. Auditors noted the
following weaknesses in the ISC’s
internal control system for which there
were no mitigating controls:
• All transactions were not initially
posted directly to the correct funds in
the general ledger. Subsequent
adjusting entries had to be recorded to
reclassify them to the proper fund.
• There was a lack of segregation of
duties within the cash receipts
process. The same employee was
primarily responsible for creating
invoices for programs and academies,
receiving and depositing cash receipts,
and following up on outstanding
balances. Additionally, there was no
formal process for reviewing amounts
owed to the ISC.
• There was no consistent documentation
of room rental rates. Room rates vary
by type of event and user and are
communicated to the registrar for
invoicing either verbally or by email.

The ISC is responsible for establishing
and maintaining an internal control
system over accounting transactions to
prevent errors and fraud.

ISC management indicated it has not
established or documented sufficient
internal control procedures. (Finding
19-002, pages 12 – 13) This finding was
first reported in 2012.

The auditors recommended the ISC
implement internal control procedures
to ensure the following:
•	  should be posted directly to
appropriate accounts upon initial
recording to avoid subsequent
reclassifications.
• Incompatible accounting functions
need to be segregated and a formal
process for reviewing amounts owed to
the ISC implemented.
• Room rental rates should be
communicated in writing to the
registrar to avoid misunderstanding and
to provide an audit trail.

ROE Response:
• Since the original finding regarding
reclassifications, we have been
training staff to provide accurate
account coding to minimize the number
of journal entries needed.
• Accounting functions will be
segregated and a formal process for
reviewing outstanding receivables
implemented.
• Consistent documentation of room
rentals will be developed.

LACK OF ADEQUATE CONTROLS OVER THE
REVIEW OF INTERNAL CONTROLS OVER
EXTERNAL SERVICE PROVIDERS

As part of the audit process, auditors
requested the Intermediate Service
Center #2 (ISC) provide a population of
the service providers utilized. The ISC
was able to identify service providers
that provided various hosting and
backup services.

The ISC lacked adequate controls over
the review of internal controls over
external service providers.  During
testing, the auditors noted the ISC had
not:
• Developed a formal process for
identifying service providers and for
either obtaining the Service
Organization Controls (SOC) reports
from the service providers and related
subservice organization or performing
alternative procedures to determine the
impact of such services on its internal
control environment prior to signing an
agreement with the service provider.
• Documented its review of each of the
SOC reports, or performed alternative
procedures, to evaluate any issues
relevant to the ISC’s internal
controls.
• Monitored and documented the
operations of the Complementary User
Entity Controls (CUECs) relevant to the
ISC’s operations.

The ISC is responsible for the design,
implementation, and maintenance of
internal controls, including the
controls that are outsourced to service
providers, related to information
systems and operations to ensure
resources and data are adequately
protected from unauthorized or
accidental disclosure, modifications,
or destruction. This process is not
limited due to the process being
outsourced.

Generally accepted information
technology guidance endorses the review
and assessment of internal controls
related to information systems and
operations to assure the accurate
processing and security of information.

ISC management indicated staff lacked
knowledge that a good internal control
system included having controls in
place to ensure the accuracy of what
external service providers are
providing and to ensure that the
controls of external service providers
are sufficient to perform the
service(s) for the organization.
(Finding 19-003, pages 14 – 15)

The auditors recommended the ISC
identify all third-party service
providers and determine and document if
a review of controls is required. If
required, the ISC should:
• Obtain SOC reports including services
provided by subservice organizations,
prior to signing agreements with
providers and annually thereafter or
perform independent reviews of internal
controls associated with outsourced
systems.
• Document its review of the SOC
reports or perform alternative
procedures to evaluate all significant
issues to ascertain if a corrective
action plan exists and when it will be
implemented, any impacts to the ISC,
and any compensating controls.
• Review contracts with service
providers to ensure applicable
requirements over the independent
review of internal controls are
included.

ROE Response: We have made contact with
another Regional Office of Education to
receive training and documentation
regarding controls over the review of
internal controls over external service
providers.

CONTROLS OVER GRANT COMPLIANCE

The Intermediate Service Center #2
(ISC) did not have adequate internal
controls over grant compliance. During
the course of the audit, auditors noted
6 of the 20 (30%) quarterly expenditure
reports required by the Illinois State
Board of Education (ISBE) were not
submitted timely. Five quarterly
expenditure reports were submitted four
days late and one was submitted seven
days late.

As a recipient of federal, State and
local funds from various grantor
agencies, the ISC must incorporate
certain procedures into its operations
to comply with the grant agreements
with these entities.

The ISC is responsible for establishing
and maintaining an internal control
system over the completion of timely
quarterly expenditure reports required
for grants administered by ISBE. ISBE
requires expenditure reports to be
filed within 20 days of the applicable
end of each quarter.

ISC management indicated that this
occurred due to key employee turnover
which has put them behind in financial
reporting. (Finding 19-004, page 16)

The auditors recommended the ISC should
implement adequate internal controls to
ensure that expenditure reports are
filed timely.

ROE Response: The ISC will implement
internal controls to ensure that grant
expenditure reports are filed timely.

INADEQUATE CONTROLS OVER PROCUREMENT-
CARD TRANSACTIONS

The Intermediate Service Center #2
(ISC) did not have adequate internal
controls over procurement-card (P-card)
transactions. Internal controls over
disbursements were not effectively
designed and implemented. During the
auditors testing of P-card
transactions, the auditors noted the
following:
• Personal expenses were charged by an
employee on the ISC’s P-card. These
expenses were paid back in full by the
employee with a personal check. The ISC
maintained a copy of the personal check
and the related charge receipts with
the credit card statements. Personal
expenses charged within the
transactions tested totaled $32.
• While testing a sample of 3 months of
P-card transactions, supporting
receipts were not provided for 6
cardholders’ transactions totaling
$635.
• While testing internal controls over
disbursements, 1 out of 40
disbursements sampled included a P-card
transaction for which a supporting
invoice was not provided.

The ISC is required to maintain a
system of controls over disbursements
to prevent errors, omissions, and
fraud. Additionally, expenses incurred
should be for a business purpose and
represent economical and effective use
of the ISC’s resources.

ISC management indicated personal
expenses were mistakenly charged by a
separate staff member using P-cards
instead of their personal credit cards.
In addition, a statement and charge
receipts were misplaced and could not
be found. (Finding 19-005, pages 17 –
18)

The auditors recommended the ISC adhere
to its policy prohibiting the use of P-
cards for personal use. In addition,
procedures should be implemented to
ensure documentation of P-card activity
is obtained and retained.

ROE Response: The ISC will adhere to
its policy prohibiting the use of P-
cards for personal use. In addition,
procedures will be implemented to
ensure documentation of P-card activity
is obtained and retained.

AUDITORS’ OPINION

Our auditors state the Intermediate
Service Center #2’s financial
statements as of June 30, 2019 are
fairly presented in all material
respects.

This financial audit was conducted by
the firm of GW & Associates PC.

JOE BUTCHER
Division Director

This report is transmitted in
accordance with Section 3-14 of the
Illinois State Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:JMM