REPORT DIGEST

STATE EMPLOYEES’ RETIREMENT SYSTEM OF
ILLINOIS

COMPLIANCE EXAMINATION
FOR THE TWO YEARS ENDED JUNE 30, 2023

Release Date:  July 16, 2024

FINDINGS THIS AUDIT: 3

CATEGORY:  NEW -- REPEAT – TOTAL
Category 1:  0 -- 0 -- 0
Category 2:  2 -- 1 -- 0
Category 3:  0 -- 0 -- 0
TOTAL:  0 -- 0 -- 0

FINDINGS LAST AUDIT: 0

State of Illinois, Office of the Auditor
General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, 400 West
Monroe, Suite 306, Springfield, IL
62704-9849
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also
available on the worldwide web at
www.auditor.illinois.gov

INTRODUCTION

This digest covers the State compliance
examination of the State Employees’
Retirement System of Illinois (System) for
the two years ended June 30, 2023. A digest
covering the System’s financial audit as of
and for the year ended June 30, 2023, was
previously released on February 29, 2024.
This report contains three findings. The
financial audit report contained no
findings.

SYNOPSIS

• (23-2)  The State Employees’ Retirement
System of Illinois did not have adequate
controls in place over user access to its
Information Technology (IT) systems.

This digest covers the State compliance
examination of the State Employees’
Retirement System of Illinois (System) for
the two years ended June 30, 2023. A digest
covering the System’s financial audit as of
and for the year ended June 30, 2023, was
previously released on February 29, 2024.
This report contains three findings. The
financial audit report contained no
findings.


FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

INADEQUATE INTERNAL CONTROLS OVER ACCESS TO
INFORMATION SYSTEMS

The State Employees’ Retirement System of
Illinois (System) did not have adequate
controls in place over user access to its
Information Technology (IT) systems.

The System utilized a combination of systems
administered both internally as well as
externally. During a review of both internal
and external systems, we noted:

• The System did not retain evidence of
internal or external security reviews
performed during the examination period.
• 7 of 238 (3%) user accounts maintained
access to systems after the users’
separations. (Finding 2, page 10)

This finding has been reported since 2020.

We recommended the System perform and
document security reviews to ensure that
continued monitoring is being performed and
possible changes or updates to access rights
are being made. In addition, we recommended
the System implement controls to ensure
users’ access is timely removed after
separation.

The System agreed with our recommendations.

OTHER FINDINGS

The remaining findings pertain to inadequate
controls over security incident and
vulnerability management and inadequate
controls over change management. We will
review the System’s progress towards the
implementation of our recommendations in our
next State compliance examination.

AUDITOR’S OPINION

The financial audit report was previously
released. The auditors stated the financial
statements of the System as of and for the
year ended June 30, 2023, are fairly stated
in all material respects.

ACCOUNTANT’S OPINION

The accountants conducted a State compliance
examination of the System for the two years
ended June 30, 2023, as required by the
Illinois State Auditing Act. The accountants
stated the System complied, in all material
respects, with the requirements described in
the report.

This State compliance examination was
conducted by RSM US LLP.

JANE CLARK
Division Director

This report is transmitted in accordance
with Section 3-14 of the Illinois State
Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:dmg