
REPORT DIGEST

OFFICE OF COMPTROLLER – FISCAL OFFICER
RESPONSIBILITIES

FINANCIAL AUDIT
FOR THE YEAR ENDED JUNE 30, 2022

Release Date:  December 21, 2022

FINDINGS THIS AUDIT:  2

CATEGORY:  NEW -- REPEAT – TOTAL
Category 1:  1 -- 0 -- 1
Category 2:  0 -- 0 -- 0
Category 3:  0 -- 1 -- 1
TOTAL:  1 -- 1 -- 2

FINDINGS LAST AUDIT: 1

Category 1: Findings that are material
weaknesses in internal control and/or
a qualification on compliance with
State laws and regulations (material
noncompliance).
Category 2: Findings that are
significant deficiencies in internal
control and noncompliance with State
laws and regulations.
Category 3: Findings that have no
internal control issues but are in
noncompliance with State laws and
regulations.

State of Illinois, Office of the
Auditor General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report
contact:
Office of the Auditor General, Iles
Park Plaza, 740 E. Ash Street,
Springfield, IL 62703
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are
also available on the worldwide web at
www.auditor.illinois.gov

INTRODUCTION

This digest covers the Office of
Comptroller’s Fiscal Officer’s
Financial Audit as of and for the year
ended June 30, 2022. The Office of
Comptroller - Fiscal Officer’s
Compliance Examination as of and for
the year ended June 30, 2022 will be
issued in a separate report at a later
date.

SYNOPSIS

• (22-1)  The Office of Comptroller
did not ensure all statutorily
mandated transfers between State
 funds were made within established
 timeframes, as required.

• (22-2)  The Office of Comptroller
failed to implement adequate general
Information Technology (IT)
 controls related to its environment
 and applications.

FINDINGS, CONCLUSIONS, AND
RECOMMENDATIONS

LATE PAYMENT OF STATUTORILY MANDATED
TRANSFERS

The Office of Comptroller (Office) did
not ensure all statutorily mandated
transfers between State funds were
made within established timeframes, as
required.

The Office processed transfers from 31
to 365 days after the mandated
transfer date. The late transfers
outstanding as of and paid after June
30, 2022 totaled $877 million.  The
Office also made 71 late transfers,
totaling $156 million, between State
funds that were made between one and
30 days after the statutorily mandated
transfer date.  Lastly, we noted 201
late transfers, totaling $1.470
billion, which were still outstanding
as of October 12, 2022, relating to
fiscal year 2022, fiscal year 2021,
and fiscal year 2020.  (Finding 1,
pages 58-60)  This finding was first
reported in 2009.

We recommended the Office make
transfers within timeframes
established by applicable statutes.
While we realize the lack of available
funds in the State Treasury requires
prioritization and cash management
decisions, we recommended the Office
continue in its efforts to make
transfers in as timely a manner as
possible.

Office officials accepted the
recommendation and stated the Office
will make efforts to make required
transfers timely but given all the
competing payments from limited
resources in the State Treasury there
will always be some that are late.
Office officials also stated the
Office staff continues to collaborate
with various State fiscal officers on
regular ongoing basis to complete fund
transfers that are essential
throughout the fiscal year to avoid
disruptions in the delivery of State
services or programs.

FAILURE TO IMPLEMENT ADEQUATE
INFORMATION TECHNOLOGY CONTROLS

The Office failed to implement
adequate general Information
Technology (IT) controls related to
its environment and applications.

The Office was unable to provide
certain requested information covering
the audit period concerning the
network and related security policies
and procedures.  In addition, we noted
instances where the network’s security
settings were not current or suitably
configured.

Also, during our testing of the
Office’s controls over access
provisioning, we noted instances where
the Office had not established
policies and procedures documenting
requirements for reviewing security
logging reports for the network or
their various applications and had not
established policies and procedures
documenting the process for
terminating external users’ access.
In addition, we noted the Office did
not document its review of mainframe
security violation reports or approval
for users’ access to applications, did
not timely terminate separated users’
access and did not conduct a periodic
review of users’ access to the
environment and applications.

Our review of the Office’s System
Development Methodology, System
Request Procedures, and Network Change
Authorization Form Procedures noted
they were not current and did not
reflect the Office’s process for
change management. Also, the Office
was unable to provide a complete and
accurate population of network
changes.  As a result, we were unable
to test changes to the network.

Further, in order to determine whether
the Office maintained proper
segregation of duties our network
applications, we requested the
population of developers.  Although
the Office provided numerous listings,
the Office could not demonstrate any
of the listings were complete and
accurate. Due to these conditions, we
were unable to conclude the Office’s
population records were sufficiently
precise and detailed under the
Professional Standards promulgated by
the American Institute of Certified
Public Accountants (AU-C § 500.08).

Even given the population limitations
noted above, we tested a sample of
application changes to ensure proper
segregation of duties.  We noted
developers migrated the change into
the production environment, or
sufficient documentation was not
provided to determine who conducted
the migration. (Finding 2, pages
61-63)

We recommended the Office implement
adequate general IT controls related
to its environment and applications.

Office officials accepted the
recommendation.

AUDITOR’S OPINION

The auditors stated the fund balances
at June 30, 2022, and the revenues and
expenditures for the year then ended
relating to the State of Illinois,
Office of Comptroller - Fiscal Officer
Responsibilities’ Traditional
Budgetary Financial Report, are fairly
presented in all material respects.
The auditors noted the financial
statements have been prepared on a
basis of accounting other than
accounting principles generally
accepted in the United States of
America.
This financial audit was conducted by
Sikich LLP.

JANE CLARK
Division Director

This report is transmitted in
accordance with Section 3-14 of the
Illinois State Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:vrb