REPORT DIGEST

DEPARTMENT OF INSURANCE

COMPLIANCE EXAMINATION FOR THE TWO YEARS ENDED JUNE 30, 2024

Release Date: July 15, 2025

FINDINGS THIS AUDIT: 13

CATEGORY: NEW -- REPEAT -- TOTAL
Category 1: 1 -- 5 -- 6
Category 2: 1 -- 6 -- 7
Category 3: 0 -- 0 -- 0
TOTAL: 2 -- 11 -- 13

FINDINGS LAST AUDIT: 19

State of Illinois, Office of the Auditor General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact: Office of the Auditor General, 400 West Monroe, Suite 306, Springfield, IL 62704-9849 (217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also available on the worldwide web at www.auditor.illinois.gov

SYNOPSIS

• (24-01) The Department of Insurance (Department) did not have adequate controls over the collection of its accounts receivable.
• (24-02) The Department did not timely submit its vouchers for payment to the Office of Comptroller and had processing weaknesses during the examination period.
• (24-03) The Department failed to implement adequate internal controls over users’ access to its applications and data.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

INADEQUATE CONTROLS OVER ACCOUNTS RECEIVABLES

The Department of Insurance (Department) did not have adequate internal controls over the collection of its accounts receivables.

During testing of 40 accounts receivable balances as of June 30, 2024, we noted:

• Six (15%) account receivable balances tested, aged between 149 and 3,698 days and totaling $17,166, were not placed in the Comptroller’s Offset System or referred to the Department of Revenue Debt Collection Bureau.
• Eight (20%) long outstanding account receivable balances tested under $1,000, aged between 1,186 and 5,185 days and totaling $3,147, were not certified as uncollectible with the Comptroller.
• Twenty (50%) long outstanding account receivable balances tested of $1,000 or more, aged between 1,419 and 5,015 days and totaling $156,281, were not certified as uncollectible with the Office of the Attorney General. (Finding 1, Page 10-11). This finding has been reported since 2020.

We recommended the Department strengthen its internal controls over collection of accounts receivable. Additionally, we recommended the Department properly place past due debt in the Comptroller’s Offset System or refer past due debt to the Debt Collection Bureau. Further, we recommended the Department certify debt as uncollectible with the Comptroller or request the Attorney General to certify accounts receivable as uncollectible when appropriate.

Department management agreed with this finding.

FAILURE TO IMPLEMENT ADEQUATE CONTROLS OVER USER ACCESS

The Department failed to implement adequate internal controls over users’ access to its applications and data.

As part of our examination, we requested the Department provide populations of users with access to the applications tested. The Department was able to provide complete and accurate populations for all applications, except for one application. When the population of active users for this application was reviewed, the Department stated 10 of 22 (45%) users identified as active by the Department and included in our sample did not have user access and should therefore not be considered active. As such, we determined the Department’s population of active application users was not sufficiently precise and detailed under the Professional Standards promulgated by the American Institute of Certified Public Accountants.

Even given the population limitation noted above, we selected a sample of users from all applications, including the application described above, to test user access controls. During our testing, we noted:

• Nine of 14 (64%) separate users tested still had access to the applicable systems after separation.
  Access was still active from 90 to 594 days between the dates of separation and June 30, 2024.
• Twenty-one of 85 (25%) active users tested did not require access to the applicable systems.
• Seven of 19 (37%) users tested with administrative access did not require administrative access. (Finding 3, pages 15-17). This finding has been reported since 2022.

We recommended the Department maintain a complete and accurate list of users for all applications used by the Department. We also recommended the Department strengthen internal controls over access removal for employees no longer requiring access. Finally, we recommended the Department perform, and document, annual user access reviews, including the periodic review of mainframe user access and Active Directory accounts.

Department management agreed with this finding.

OTHER FINDINGS

The remaining findings are reportedly being given attention by the Department. We will review the Department’s progress towards the implementation of our recommendations in our next State compliance examination.

ACCOUNTANT’S OPINION

The accountants conducted a State compliance examination of the Department for the two years ended June 30, 2024, as required by the Illinois State Auditing Act. The accountants qualified their report on State compliance for Findings 2024-001 through 2024-006. Except for the noncompliance described in these findings, the accountants stated the Department complied, in all material respects, with the requirements described in the report.

This State compliance examination was conducted by Sikich CPA LLC.

COURTNEY DZIERWA
Division Director

This report is transmitted in accordance with Section 3-14 of the Illinois State Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM: cgc