REPORT DIGEST

COURT OF CLAIMS

COMPLIANCE EXAMINATION
FOR THE TWO YEARS ENDED JUNE 30, 2023

Release Date:  April 25, 2024

FINDINGS THIS AUDIT: 5

CATEGORY:  NEW -- REPEAT – TOTAL

Category 1:  0 -- 0 -- 0
Category 2:  4 -- 1 -- 5
Category 3:  0 -- 0 -- 0
TOTAL:  4 -- 1 -- 5

FINDINGS LAST AUDIT: 2

Category 1: Findings that are material
weaknesses in internal control and/or a
qualification on compliance with
State laws and regulations (material
noncompliance).
Category 2: Findings that are significant
deficiencies in internal control and
noncompliance with State laws and
regulations.
Category 3: Findings that have no internal
control issues but are in noncompliance with
State laws and regulations.

State of Illinois, Office of the Auditor
General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, 400 West
Monroe, Suite 306, Springfield, IL
62704-9849
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also
available on the worldwide web at
www.auditor.illinois.gov

SYNOPSIS

• (23-03) The Court of Claims (Court) did
not establish adequate controls over access
to its computing environment and information
technology (IT) systems.

• (23-04) The Court did not comply with
applicable provisions of the Court of Claims
Act (705 ILCS 505/7).

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

INADEQUATE CONTROLS OVER USER ACCESS

The Court of Claims (Court) did not
establish adequate controls over access to
its computing environment and information
technology (IT) systems.

During fieldwork, we examined the Office’s
general information technology controls over
the Court’s Based Docketing System 3270
application (System).

During testing over user access to the
System, we noted:

• One of five (20%) users tested retained
access to the System after they no longer
needed the access.

• Three of six (50%) separated employees
tested did not have their user access
removed timely. Access was revoked between
47 and 173 days after separation date.

• The Court did not conduct an annual review
of users’ access rights during Fiscal Year
2022. (Finding 3, pages 12-13).

We recommended the Court implement controls
to ensure access to its IT systems and data
is appropriate. Specifically, we recommended
the Court ensure access rights are timely
terminated and conduct annual reviews of
users’ access rights.

The Court agreed with this recommendation.

NONCOMPLIANCE WITH COURT OF CLAIMS ACT

The Court did not comply with applicable
provisions of the Court of Claims Act (Act)
(705 ILCS 505/7).

During our testing, we noted the following:

• The Court had no record of the Court’s
Deputy being appointed by the Secretary of
State to act as an officer of the Court, nor
did the Court have any record of the Deputy
Clerk taking an oath to faithfully act on
the Court’s behalf.

• The Court did not monitor the Secretary of
State’s computer services that were being
provided during the engagement period, nor
did the Court maintain an understanding of
how Secretary of State’s computer services
affected the Court’s data. (Finding 4, pages
14-15).

We recommended the Court comply with the
requirements of the Court of Claims Act,
including retaining documentation of
appointment of the Deputy Clerk by the
Secretary of State and evidence of oath
taken by the Deputy Clerk. Furthermore, we
recommended the Court implement policies and
procedures to ensure there are adequate
security controls over the Court’s
information systems and computer services
provided by the Secretary of State.

The Court agreed with this recommendation
and stated the Deputy Clerk’s oath has since
been administered.

OTHER FINDINGS

The remaining findings pertain to inadequate
controls over expenditure processing and
review of internal controls over service
providers, as well as inadequate segregation
of duties over monthly reconciliations.  We
will review the Court’s progress towards the
implementation of our recommendations in our
next State compliance examination.

ACCOUNTANT’S OPINION

The accountants conducted a State compliance
examination of the Court for the two years
ended June 30, 2023, as required by the
Illinois State Auditing Act.  The
accountants stated the Court complied, in
all material respects, with the requirements
describe in the report.

This State compliance examination was
conducted by Sikich LLP.

JANE CLARK
Division Director

This report is transmitted in accordance
with Section 3-14 of the Illinois State
Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:QK