REPORT DIGEST

STATE EMPLOYEES’ RETIREMENT SYSTEM

COMPLIANCE EXAMINATION
FOR THE YEAR ENDED JUNE 30, 2017

Release Date:  April 26, 2018

FINDINGS THIS AUDIT:  3

CATEGORY:  NEW -- REPEAT -- TOTAL
Category 1:  0 -- 0 -- 0
Category 2:  1 -- 2 -- 3
Category 3:  0 -- 0 -- 0
TOTAL:  1 -- 2-- 3

FINDINGS LAST AUDIT: 3

Category 1: Findings that are material
weaknesses in internal control and/or a
qualification on compliance with State laws
and regulations (material noncompliance).
Category 2: Findings that are significant
deficiencies in internal control and
noncompliance with State laws and
regulations.
Category 3: Findings that have no internal
control issues but are in noncompliance with
State laws and regulations.

State of Illinois, Office of the Auditor
General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, Iles Park
Plaza, 740 E. Ash Street, Springfield, IL
62703
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also
available on the worldwide web at
www.auditor.illinois.gov

INTRODUCTION

This digest covers our Compliance Examination
of the State Employees’ Retirement System for
the year ended June 30, 2017.  A separate
Financial Audit as of and for the year ending
June 30, 2017, was previously released on
February 8, 2018.  In total, this report
contains 3 findings, none of which were
reported in the Financial Audit.

SYNOPSIS

• (17-1) The State Retirement System, which
administers the State Employees’ Retirement
System, has weaknesses in their change
management procedures.

• (17-2) The State Employees’ Retirement
System of the State of Illinois has had a
vacancy in one of its thirteen required
trustees of the Board for more than two
years.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

CHANGE MANAGEMENT WEAKNESSES

The State Retirement System, which
administers the State Employees’ Retirement
System (System), has weaknesses in their
change management procedures.

The System develops and deploys custom
software to manage pension accounts of
Illinois members and collects, stores, and
processes confidential and protected
information related to this mission.

The System had established formal change
management procedures; however, the
procedures did not address migrating changes
into the production environment. In addition,
programmers developing and making changes to
applications had access to the production
environment and the capability to implement
changes. Furthermore, monitoring tools were
not in place to detect unauthorized code
migrations.  (Finding 1, page 10)

We recommended the System continue to update
its change management procedures to address
specific procedures for migrating changes
into the production environment. We also
recommended, the procedures include a
standard form for requesting a change be
moved into production and include user and
management approval and ensure programmers
are prevented from migrating changes into the
production environment. Lastly, we
recommended if the Office determines that
programmer access is necessary in some
situations, it should establish and enforce
compensating controls to ensure appropriate
and documented management oversight and
approval.

System officials accepted the auditor’s
recommendation and indicated they are working
to implement an upgrade to existing software
in calendar year 2018 which will remedy the
change management weaknesses noted.

BOARD OF TRUSTEES VACANCY

The State Employees’ Retirement System of the
State of Illinois (System) has had a vacancy
in one of its thirteen required trustees of
the Board for more than two years as of the
end of fieldwork on November 17, 2017.

During the current compliance examination,
the auditors noted that a Board member
resigned from the Board on October 15, 2015.
The System’s Executive Secretary informed the
Board of the resignation on that same day. In
addition, on November 4, 2015 the Executive
Secretary communicated this vacancy to the
Governor’s Office via email requesting that
the vacancy be filled. As of the end of
fieldwork on November 17, 2017 the vacancy
had not been filled and there has been no
further follow-up communications with the
Governor’s Office by the System.  (Finding 2,
page 11)

We recommended the System continue to
communicate with the Governor’s Office in
order to fill the vacancy in its Board of
Trustees.

The System accepted the auditor’s
recommendation and indicated they will
communicate with the Office of the Governor
to seek an appointment which will fully staff
the Board.

OTHER FINDINGS

The remaining finding pertains to the System
not properly monitoring its contracts during
the engagement period.  We will review the
System’s progress towards the implementation
of our recommendations in our next State
compliance examination.

ACCOUNTANT’S OPINION

The accountants conducted a State compliance
examination of the State Employees’
Retirement System for the year ended June 30,
2017, as required by the Illinois State
Auditing Act.  The accountants stated the
System complied, in all material respects,
with the requirements described in the
report.

This State compliance examination was
conducted by RSM US LLP.

JANE CLARK
Division Director

This report is transmitted in accordance with
Section 3-14 of the Illinois State Auditing
Act.

FRANK J. MAUTINO
Auditor General

FJM:JAF