This report of the Illinois Workers’ Compensation Commissions’ Self-Insurers Security Fund (Fund) should be read in conjunction with the FY16 financial statements of the Fund and the auditor’s report dated January 4, 2018.
In FY16, the auditors issued an adverse opinion on the Fund’s financial statements due to the Commission having an inadequate process to determine the claims liabilities of the Fund, and because the proper accounting treatment for the insolvent self-insurer security collected by the State of Illinois is not determinable due to two different irreconcilable interpretations of the Worker’s Compensation Act. Because of the adverse auditor opinion of the Fund’s financial statements for the year ended June 30, 2016, the audit reports for the year ended prior to June 30, 2016 should not be relied upon without considering the auditor’s report dated January 4, 2018.
WORKERS’ COMPENSATION COMMISSION
FINANCIAL AUDIT AND COMPLIANCE EXAMINATION
For the Two Years Ended: June 30, 2009
Summary of Findings:
Total this audit: 10
Total last audit: 7
Repeated from last audit: 6
Release Date: March 30, 2010
State of Illinois, Office of the Auditor General
WILLIAM G. HOLLAND, AUDITOR GENERAL
To obtain a copy of the Report contact:
Office of the Auditor General, Iles Park Plaza, 740 E. Ash Street, Springfield, IL 62703
(217) 782-6046 or TTY (888) 261-2887
This Report Digest and Full Report is also available on the worldwide web at http://www.auditor.illinois.gov
• The Commission did not have adequate controls over financial reporting for the Self Insurer’s Security Fund.
• The Commission had major internal control weaknesses over its Rate Adjustment Fund program.
• The Commission had inadequate controls over Injured Workers Benefit Fund.
• The Commission had not established adequate security policies and control over its computer environment.
FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS
NEED TO IMPROVE CONTROLS OVER FINANCIAL REPORTING
The Illinois Workers’ Compensation Commission – Self Insurer’s Security Fund (IWCC-SISF) did not have adequate controls over financial reporting to allow management and employees to prevent or detect errors or misstatement in the financial reporting process and ensure proper reporting in accordance with generally accepted accounting principles (GAAP).
During our audit, some of the problems noted were:
- IWCC-SISF did not recognize revenues in the proper accounting period. As such, receivables and operating revenues for fiscal year 2009 were understated by $264,341. In addition, improper revenue recognition resulted in a restatement of beginning net assets of $284,128.
- IWCC-SISF did not record the prior fiscal year auditors’ adjustment of $1,075,260 to properly disclose Liabilities for Unpaid Claims at June 30, 2008.
- IWCC-SISF did not properly record the reversal of the prior fiscal year balance of compensated absences of $28,000.
- IWCC-SISF did not properly classify current and non-current liabilities for unpaid claims at June 30, 2009. The entire account balance of $8,431,839 was presented as current liabilities whereas $6,141,459 of that amount should have been classified as non-current.
Other problems noted in the IWCC-SISF included adjustments to the wrong fiscal year, accounting estimates not reviewed on a periodic basis, and receivables not recorded at the end of the year for financial reporting purposes. (Finding 1, pages 13-15)
We recommended management review policies, procedures and internal controls to ensure the accuracy and completeness of recorded transactions and the appropriate application of GAAP.
Commission officials agreed with this recommendation and stated they have implemented appropriate accounting changes, corrected ledgers and reports, and hired additional professional staff.
INADEQUATE CONTROLS OVER THE RATE ADJUSTMENT FUND PROGRAM
The Commission had major internal control weaknesses over its Rate Adjustment Fund (RAF) program.
The RAF was created in 1975 to provide annual cost of living adjustments to persons who had received awards for permanent total disabilities or to the survivors of fatally injured workers. These awards are usually paid over many years to eligible recipients and are funded by assessments on employers.
In our previous examination, we noted the Commission discovered payment discrepancy problems and conducted reviews of all RAF cases, their histories and payments to identify potential cases that may have been eligible for payments. As a result, the Commission together with the Office of the Comptroller, estimated a potential liability for back claims ranging from $18 to $22 million.
During our current review of RAF processes and procedures, we noted the following internal control deficiencies:
- The RAF database was not timely updated for self-insured entities and insurance companies.
- The Commission lacked procedures to track RAF cases appealed beyond the Commission (Circuit, Appellate, or Supreme Courts).
- The Commission lacked internal controls for terminating RAF benefit payments. Our sample testing of 25 recipients whose eligibility to receive RAF benefit payments had ended showed that one received benefit payments for three months after they should have been terminated, resulting in an overpayment of $1,887. Also, benefit payments of $7,390 were erroneously made to survivors of a fatally injured worker.
- The Commission used incorrect data for benefit payments. Of 25 new cased tested, one used a $511 per week amount instead of a revised amount of $534 per week. Other problems included an incorrect amount posted to the docket system; cases not consistently coded as RAF in the docket system; one case with an erroneous start date; and five cases with no evidence of review to ensure accuracy of data input into the database.
- Penalties for nonpayment of assessments were not sought from insurance companies. (Finding 2, page16-19)
We recommended that Commission management strengthen internal controls and procedures over the RAF program.
Commission officials agreed with our recommendation and stated they are working to build a database which will incorporate many checks and balances and provide automatic terminations, suspensions and provide standardized calculations.
INADEQUATE CONTROLS OVER INJURED WORKERS BENEFIT FUND
The Commission did not have adequate controls to ensure that settlements for noncompliance with insurance requirements in accordance with the Workers Compensation Act (Act) were properly documented and monitored.
The Commission investigates employers for noncompliance with the requirement to maintain insurance in accordance with the Act. Employers found noncompliant are penalized $500 per day or a minimum of $10,000 if an order is issued by the Commission. The Commission determines the amount of penalty and settles with uninsured employers. The settlement amount is determined by Commission investigators based on factors such as financial capability and cooperation from uninsured employers.
During our testing, we noted the Commission did not have formal policies and procedures to define the proper determination of settlement amounts charged to noncompliant employers. Commission investigators determine the maximum penalty but this is usually reduced through the negotiation process with the employer and settled at a lower amount. There are no documented guidelines established to reduce the penalty and the extent of a reduction that can be made.
In addition, we noted that manual files of uninsured employers contained correspondence, computation of fines, penalties and settlement amounts, and other documents gathered during investigation and settlement. However, the electronic case files which were developed to provide accurate online and real time information on cases were not updated with current information from the manual files. (Finding 3, pages 20-21)
We recommended the Commission establish formal policies and procedures to provide guidelines for negotiation and settlement for uninsured employers, and that the Commission provide adequate oversight so that both manual and electronic case files are properly maintained.
Commission officials agreed with our recommendations and stated a new manager was starting and will be responsible for establishing formal polices.
NEED TO IMPROVE SECURITY POLICIES AND CONTROLS
The Commission had not established adequate security policies and control over its computer environment.
The primary mission of the Commission is to provide a no-fault system of benefits paid by employers to workers who experience job-related injuries or diseases. The Commission operates the state court system for workers’ compensation cases. To accomplish this, the Commission relies on its mainframe and local area network (LAN) applications. The current computer policy was outdated and did not provide details with regards to computer operations at the Commission.
In addition, while Commission employees needed a password to gain access to the local area network, they were not required to change this password on a regular interval. Furthermore, employees could log into many computers at the same time. (Finding 8, pages 31-32) This finding was first reported in 2003.
We recommended the Commission establish comprehensive policies and procedures that outline general security provisions, appropriate use of computer resources, backup and care of data, and other appropriate policies to help ensure that effective controls exist. The policies and procedures should be communicated to all users, and monitored for compliance. In addition, all users should be required to sign a statement acknowledging they have read, understand, and agree to comply with these policies. Further, the Commission should strengthen computer security within its computing environment by enforcing an access control strategy, such as limiting concurrent connections and ensuring passwords are changed on a periodic basis.
Commission officials agreed with the recommendations. (For previous agency response, see Digest Footnote #1.)
The remaining findings dealt with inadequate control over Sate property, Fiscal Control and Internal Auditing Act, performance evaluations, and computer related findings dealing with systems development, disaster contingency planning and strategic planning. We will review progress toward implementation of all finding recommendations during our next audit.
Our auditors state the financial statements present fairly, in all material respects, the financial position of the Self-Insurers’ Security Fund of the State of Illinois Workers’ Compensation Commission, as of June 30, 2009, and the changes in financial position and cash flows, thereof for the year then ended.
WILLIAM G. HOLLAND, Auditor General
SPECIAL ASSISTANT AUDITORS
Our special assistant auditors for this audit were E.C. Ortiz & CO., LLP.
#1 –COMPUTER SECURITY ADMINISTRATION DEFICIENCIES (Previous Agency Response)
2007: “The Commission agrees with this recommendation. Many of these processes and policies either already exist and need updating or need documentation and formalization. The IT Department is working with the HR Department to include the correct information in an updated employee handbook. Everything else specific to IT related security and operations is being handled as part of our overall service management implementation. All is scheduled for completion and remediation by end of calendar year 2008.”