REPORT DIGEST

ILLINOIS GAMING BOARD

FINANCIAL AUDIT – STATE GAMING FUND FOR THE YEAR ENDED JUNE 30, 2016 AND COMPLIANCE EXAMINATION FOR THE TWO YEARS ENDED JUNE 30, 2016

Release Date: March 23, 2017

FINDINGS THIS AUDIT: 7
CATEGORY: NEW -- REPEAT -- TOTAL
Category 1: 0 -- 1 -- 1
Category 2: 1 -- 5 -- 6
Category 3: 0 -- 0 -- 0
TOTAL: 1 -- 6 -- 7
FINDINGS LAST AUDIT: 15

Category 1: Findings that are material weaknesses in internal control and/or a qualification on compliance with State laws and regulations (material noncompliance).
Category 2: Findings that are significant deficiencies in internal control and noncompliance with State laws and regulations.
Category 3: Findings that have no internal control issues but are in noncompliance with State laws and regulations.

State of Illinois, Office of the Auditor General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact: Office of the Auditor General, Iles Park Plaza, 740 E. Ash Street, Springfield, IL 62703, (217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also available on the worldwide web at www.auditor.illinois.gov

SYNOPSIS

• (2016-003) The Board did not obtain or perform internal control reviews of the external service provider used to process video gaming revenue.
• (2016-002) The Board did not maintain adequate controls over personal services.
• (2016-001) The Board was not in compliance with the Fiscal Control and Internal Auditing Act.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

INTERNAL CONTROL REVIEWS OF EXTERNAL SERVICE PROVIDERS NOT OBTAINED OR PERFORMED

The Board did not obtain or perform internal control reviews of the external service provider used to process video gaming revenue.

The Board utilizes an external service provider to design, develop, implement, operate, maintain and support the secure communication of video gaming terminals across the State.
However, the Board had not reviewed the Service Organization Internal Control Report to ensure the service provider’s controls were suitable. The Board received approximately $234,811,500 and $301,903,400 in FY15 and FY16, respectively, in video gaming revenue. (Finding 3, pages 14-15)

We recommended the Board obtain or perform independent reviews of internal controls associated with outsourced systems at least annually. The independent reviews should include an assessment of the following five key system attributes, as applicable:

• Security - The system is protected against both physical and logical unauthorized access.
• Availability - The system is available for operation and use as committed or agreed.
• Processing integrity - System processing is complete, accurate, timely and authorized.
• Confidentiality - Information designated as confidential is protected as committed or agreed.
• Privacy - Personal information is collected, used, retained, disclosed and disposed of in conformity with Department requirements.

We also recommended the Board review the report, assess the effect of any noted deficiencies, and identify and implement any compensating controls. The Board’s reviews and corrective actions taken by the service provider should be documented and maintained.

Board personnel stated the Board has begun the process of reviewing the internal controls of the external service provider; however, the review has not been documented. The Board will begin documenting the review on a go-forward basis to validate the process has been performed.

INADEQUATE CONTROLS OVER PERSONAL SERVICES

The Board did not maintain adequate controls over personal services. During testing, we noted the following:

• Two of 25 (8%) personnel files tested did not contain performance evaluations that were completed in a timely manner. The evaluations were completed from 165 to 227 days after the employee’s anniversary date.
• The Board did not fully comply with the State Officials and Employees Ethics Act (Act) and the Board’s Employee Handbook (Handbook). Five of 25 (20%) employees selected for testing did not sign-in and/or sign-out during their regular scheduled shift.
• Two of 25 (8%) employees’ time sheets did not agree to the attendance records for time off. (Finding 2, pages 12-13) This finding has been repeated since 2012.

We recommended the Board conduct timely annual performance evaluations and comply with the Act regarding proper timekeeping, and ensure employee timesheets agree to attendance records.

Board personnel agreed with our recommendation and stated it will continue to be the Board’s goal to conduct timely performance evaluations as well as ensure all employees sign-in and/or sign-out during their regular scheduled shift and maintain time sheets which agree to detailed attendance records for time off. (For the previous Department response, see Digest Footnote #1.)

NONCOMPLIANCE WITH THE FISCAL CONTROL AND INTERNAL AUDITING ACT

The Board was not in compliance with the Fiscal Control and Internal Auditing Act.

The Board has not filed the fiscal control and internal auditing certification that is required. There was no other compensating review of internal controls performed during the fiscal year. (Finding 1, page 11)

We recommended the Board complete the fiscal year 2016 certification and then comply with the requirements of the Act in subsequent years.

Board personnel agreed with the recommendation and stated the Board will complete the 2016 certification before March 31, 2017 and annually before May 1.

OTHER FINDINGS

The remaining findings are reportedly being given attention by the Board. We will review the Board’s progress towards the implementation of our recommendations in our next compliance examination.

AUDITOR’S OPINION

The auditors stated the financial statements of the Board’s State Gaming Fund as of and for the year ended June 30, 2016 are fairly stated in all material respects.

ACCOUNTANT’S OPINION

The accountants conducted a compliance examination of the Board for the two years ended June 30, 2016, as required by the Illinois State Auditing Act. The accountants qualified their report on State compliance for Finding 2016-003. Except for the noncompliance described in this finding, the accountants stated the Agency complied, in all material respects, with the requirements described in the report.

This financial audit and compliance examination was conducted by BKD, LLP.

BRUCE L. BULLARD
Division Director

This report is transmitted in accordance with Section 3-14 of the Illinois State Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:JWF

DIGEST FOOTNOTES

#1 - INADEQUATE CONTROLS OVER PERSONAL SERVICES

2014: The Board agrees with the recommendation. It will continue to be the Board’s goal to conduct timely performance and probationary evaluations for all employees. (2014-008)

The Board agrees with the recommendation and has incorporated its formal timesheet policy into its revised Employee Handbook (currently in Draft form). (2014-009)

Note: Findings 2014-008 and 2014-009 were combined into one finding during the current examination.