REPORT DIGEST

DEPARTMENT OF REVENUE

FINANCIAL AUDIT
FOR THE YEAR ENDED JUNE 30, 2023

Release Date:  July 16, 2024

FINDINGS THIS AUDIT: 1

CATEGORY:  NEW -- REPEAT – TOTAL
Category 1:  0 -- 0 -- 0
Category 2:  0 -- 1 -- 1
Category 3:  0 -- 0 -- 0
TOTAL:  0 -- 1 -- 1

FINDINGS LAST AUDIT: 3

State of Illinois, Office of the Auditor
General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, 400 West
Monroe, Suite 306, Springfield, IL
62704-9849
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also
available on the worldwide web at
www.auditor.illinois.gov

SYNOPSIS

• (23-01) The Department had not implemented
adequate internal controls over its service
providers.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

INADEQUATE CONTROL OVER SERVICE PROVIDERS

The Department of Revenue (Department) had
not implemented adequate internal controls
over its service providers.

We performed testing of four service
providers identified by the Department. The
Department utilized service providers for
mail processing, lock box services, data
entry and credit card payment processing.

Our testing noted the Department had not:

• Performed adequate independent reviews for
two of four (50%) service providers
• Conducted an analysis to determine the
impact of noted deviations within the SOC
reports for one of four (25%) service
providers.
• Monitored and documented the operation of
the Complementary User Entity Controls
(CUECs) related to the Department’s
operations for two of four (50%) service
providers.

In addition, the department obtained a
bridge letter for one (25%) service
provider; however, the Department did not
address the risk of relying on the bridge
letter which covered nine months of the
fiscal year. (Finding 1, pages 68-69)

We recommended the Department continue to
strengthen its controls in assessing and
monitoring all service providers. Further,
we recommended the Department:

• Review SOC reports (or perform independent
reviews) of internal controls associated
with outsources systems at least annually.
• Conduct an analysis to determine the
impact of the noted deviations within the
SOC reports.
• Monitor and document the operation of the
CUECs related to the Department’s
operations.
• Ensure no significant changes to the
service provider’s internal control when
bridge letters are obtained for extended
periods.

The Department accepted the finding and
stated they have implemented procedures to
ensure there are controls in place to assess
and monitor service providers.

AUDITOR’S OPINIONS

The auditors stated the financial statements
of the Department as of and for the years
ended June 30, 2023 are fairly stated in all
material respects.

This financial audit was conducted by RSM US
LLP.

JANE CLARK
Division Director

This report is transmitted in accordance
with Section 3-14 of the Illinois State
Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:sjs