REPORT DIGEST

 

ILLINOIS SUPREME COURT

(Including Appellate Court Districts 1-5 and the Illinois Courts Commission)

 

COMPLIANCE AUDIT

For the Two Years Ended:

June 30, 2003

 

Summary of Findings:

 

Total this audit                       3

Total last audit                       0

Repeated from last audit        0

 

Release Date:

May 6, 2004

 

 

 

State of Illinois

Office of the Auditor General

WILLIAM G. HOLLAND

AUDITOR GENERAL

 

To obtain a copy of the Report contact:

Office of the Auditor General

Iles Park Plaza

740 E. Ash Street

Springfield, IL 62703

(217) 782-6046 or TDD (217) 524-4646

 

 

This Report Digest is also available on

the worldwide web at

http://www.state.il.us/auditor

 

 

SYNOPSIS

  • The Supreme Court did not complete required internal audits in compliance with the Fiscal Control and Internal Auditing Act (FCIAA).
  • The Supreme Court did not have an adequate security administration program to ensure security over, and use of, information system resources.

 

 

 

 

 

 

 

 

 

 

 

 

 

{Expenditures and Activity Measures are summarized on the reverse page.}

 

                                                         SUPREME COURT

                                                       COMPLIANCE AUDIT

                                           For The Two Years Ended June 30, 2003

EXPENDITURE STATISTICS

FY 2003

FY 2002

FY 2001

! Total Expenditures (All Funds)

      Expenditures:

            Appropriated Funds

            Non-appropriated Funds

$280,975,869

 

$280,255,134

$720,735

$292,991,359

 

$292,549,080

$442,279

$275,009,109

 

$274,810,263

$198,846

OPERATIONS TOTAL

      % of Total Expenditures

$206,047,237

73.3%

$209,167,594

71.4%

$195,916,976

71.2%

Personal Services

% of Operations Expenditures

Average No. of Employees

$177,772,992

86.3%

2,090

$177,684,557

84.9%

2,097

$170,198,174

86.9%

2,096

Other Payroll Costs (FICA, Retirement)

      % of Operations Expenditures

$13,561,683

6.6%

$13,320,810

6.4%

$12,574,959

6.4%

Contractual Services

      % of Operations Expenditures

$6,188,047

3.0%

$6,428,928

3.1%

$7,394,137

3.8%

All Other Operations Items

      % of Operations Expenditures

$8,524,515

4.1%

$11,733,299

5.6%

$5,749,706

2.9%

GRANTS TOTAL

      % of Total Expenditures

$74,928,632

26.7%

$83,823,765

28.6%

$79,092,133

28.8%

! Cost of Property and Equipment

$40,388,234

$35,469,226

$30,661,708

SERVICE EFFORTS AND ACCOMPLISHMENTS

2003

2002

Supreme Court of Illinois:

Cases Filed

Cases Disposed

Appellate Court of Illinois:

Cases Filed

Cases Disposed

Circuit Courts of Illinois:

Cases Filed

Cases Disposed

 

3,096

3,524

 

8,345

9,190

 

3,933,178

4,081,220

 

3,225

2,602

 

8,511

9,148

 

3,835,881

6,826,113

DIRECTOR OF THE ADMINISTRATIVE OFFICE OF ILLINOIS COURTS

During Audit Period: Joseph Schillaci (7/1/01 Ė 3/31/02), Cynthia Y. Cobbs (3/1/02 Ė current)

Currently: Cynthia Y. Cobbs

 

 

 

 

 

 

 

 

 

 

 

 

 

No internal audits of major systems completed

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Information System control weaknesses

 

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

FAILURE TO COMPLETE REQUIRED INTERNAL AUDITS

The Illinois Supreme Court (Court) did not complete required internal audits in compliance with the Fiscal Control and Internal Auditing Act (FCIAA).

During our audit, we noted that no audits of major systems of accounting and administrative control were completed during the two years under review. Although a number of audits had been initiated during the audit period, only one internal audit was completed, reviewed, and submitted to the Court. Also, the two-year audit plan, for both fiscal years, was not carried out.

The FCIAA states that the Court "Öwill establish by its rulemaking authority or by administrative order a full-time program of internal auditing of State-funded activities of the judicial branch, which is consistent with the intent of this Article." At the January 1993 Term, the Court by directive, established the program of internal auditing consistent with FCIAA. (Finding 1, pages 10-11)

We recommended the Court comply with the requirements of the Fiscal Control and Internal Auditing Act and complete required internal audits in compliance with the Courtís directive.

Agency officials responded that they accepted our recommendation and stated the Chief Internal Auditor for the Supreme Court of Illinois is charged by the Court with the continuing responsibility to timely complete, review and issue reports for all audits.

 

INADEQUATE SECURITY ADMINISTRATION PROGRAM

The Illinois Supreme Court (Court) did not have an adequate security administration program to ensure security over, and use of, information systems (IS) resources.

During our testing, we noted that many of the Courtís security practices at its central location appeared to be appropriate. However, we noted the Court had not established a formal security administration program to ensure its computer security and usage guidelines were followed at all locations.

In our review of the Computer Security and Usage Guidelines distributed by the Courtís Judicial Management Information Services (JMIS) division, we noted the following control weaknesses:

  • The Court had not communicated these guidelines to all personnel.
  • The Court had not developed a mechanism by which it can monitor and enforce the guidelines or resolve violations.
  • The only ongoing security monitoring was an intermittent and cursory review of user accounts.
  • A formal ongoing security awareness program to train users on the importance of computer security concepts does not exist.

JMIS management maintains that they can only provide suggested guidelines for IS security and are not granted the authority to monitor and enforce compliance with the guidelines. Each judicial branch office is left to determine if they wish to comply with the guidance provided by JMIS.

A lack of guidance concerning usersí responsibilities related to computer security and protection of IS assets could result in unauthorized access and/or misuse of the Courtís information systems, especially with the Courtís decentralized computer environment located in numerous locations. (Finding 3, pages 17-18)

We recommended the Court develop a security administration program that encompasses the entire organization. The program should include the development of computer security and usage policies and procedures and outline the Courtís security management structure.

Agency officials responded that they accepted our recommendation and stated that the JMIS will expand its security monitoring by disseminating the Computer Security and Usage Guidelines to all personnel who utilize information system resources within the judicial branch.

Mr. John Bracco, Chief Internal Auditor provided the responses to our recommendations on December 30, 2003.

OTHER FINDING

The other finding pertained to locally held funds. We will review progress toward implementation of all recommendations in our next compliance audit.

AUDITORSí OPINION

We conducted a compliance audit of the Illinois Supreme Court as required by the Illinois State Auditing Act. We have not audited any financial statements of the Court for the purpose of expressing an opinion because the agency does not, nor is it required to, prepare financial statements.

 

 

_____________________________________

WILLIAM G. HOLLAND, Auditor General

WGH:GSR

SPECIAL ASSISTANT AUDITORS

Our Special Assistant Auditors were Sikich Gardner & Co, LLP