Volume 23, 2017 Annual
Emerging and Potential Audit Issues
Frank J. Mautino, Auditor General
Auditor General Frank J. Mautino
The Office of the Auditor General was created as an arm of the legislative branch of State Government to serve as an agent of public accountability and to provide useful information to the General Assembly.
The Constitution of 1970 implemented a major change in State auditing by creating the Office of the Auditor General as a Constitutional Officer appointed by the General Assembly. It specifically directs the Auditor General to conduct the audit of public funds of the State.
As Auditor General, I am charged with carrying out the State’s post audit program. The mission of my Office is to assist the General Assembly in achieving oversight of State government and improving State agency operations by:
(a) performing objective audits and evaluations of State agency programs and operations;
(b) providing useful information generated by such audits to the General Assembly;
(c) offering recommendations to bring governmental operations into conformity with the legislative intent; and
(d) providing information to the General Assembly to make informed policy decisions.
The Auditor General assists the General Assembly in achieving oversight and improvement by furnishing useful and concise information. To accomplish its mission, the Office of the Auditor General has three audit divisions: Financial and Compliance Audits, Performance Audits, and Information Systems.
In summary, the Office performs objective and comprehensive evaluations of the practices and operations of State agencies to determine their conformity with legislative policy and the underlying causes of any problems and deficiencies. The results of these evaluations are analyzed, synthesized, and provided to the Legislature to assist them in the oversight of government. This information enables the Legislature to determine what agencies are doing, how well State government is working, and what improvements are necessary.
Planning Program for State Agencies
State agencies need an adequate planning program to ensure compliance with laws, rules and regulations. Therefore, during a compliance audit, auditors will request information to address questions such as:
1. Does the agency have written long-term goals and shorter-term objectives and are the goals consistent with the agency’s statutory mandates and authority?
2. Do agency units and programs have objectives that link their activities to agency goals and objectives?
3. Have strategies and time frames for achieving objectives been documented?
4. Is there evidence that productivity, workload, and performance information is used in the agency’s budget process to assign priorities and resources?
5. Are unit and program managers participants in both the planning and budget process?
6. Does the agency have a documented system for routine program monitoring?
7. Have key measurement criteria been developed to assess progress toward objectives?
8. Has responsibility for achieving objectives been assigned and documented?
9. Has management implemented controls to verify the accuracy of data in management reports?
10. Is there evidence of administrative action (such as staff reallocations) based on monitoring information?
11. Has the agency established a program for efficient management of records at the agency as required by the State Records Act (5 ILCS 160/9)?
12. Has the agency appointed a records officer?
13. Has management reviewed agency internal controls and certified their compliance with the Fiscal Control and Internal Auditing Act?
14. Has management acted to correct findings noted in prior audits and examinations?
15. Has management implemented policies and procedures to identify all laws, rules, and regulations that govern their operations?
New Accounting Standards
For Fiscal Year 2017, the following new governmental accounting standards will be implemented in preparing the State’s Comprehensive Annual Financial Report (CAFR), according to the Office of the State Comptroller:
• Statement No. 73, Accounting and Financial Reporting for Pensions and Related Assets That Are Not within the Scope of GASB Statement 68, and Amendments to Certain Provisions of GASB Statements 67 and 68, which clarifies the application of certain provisions of Statement No. 67 and Statement No. 68. A portion of this statement was implemented as of June 30, 2016. The remaining portion, which addresses the accounting and reporting requirements for financial reports of governments with pensions and pension plans not administered through trusts that met the criteria in Statement No. 68, will be implemented for the year ended June 30, 2017.
• Statement No. 74, Financial Reporting for Postemployment Benefit Plans Other Than Pension Plans, which establishes standards for the financial reports of defined benefit OPEB plans administered through trusts that meet specified criteria.
• Statement No. 77, Tax Abatement Disclosures, which requires governments that enter into tax abatement agreements to disclose specific information about the nature and magnitude of tax abatements to make these transactions more transparent to financial statement users.
• Statement No. 78, Pensions Provided through Certain Multiple-Employer Defined Benefit Pension Plans, which expands the scope of the GASB Statement No. 68 to pensions provided by certain multi-employer defined benefit pension plans that are not state or local government plans.
• Statement No. 80, Blending Requirements for Certain Component Units – an amendment of GASB Statement No. 14, which amends the blending requirements for the financial statement presentation of component units of all state and local governments.
• Statement No. 82, Pension Issues – an amendment of GASB Statements No. 67, No. 68, and No. 73, which addresses certain issues which have been raised with respect to Statements No. 67, No. 68, and No. 73.
Information Systems Audits
The Information Systems Audit Division’s primary focus is to review information systems to ensure:
• Security - systems are protected against both physical and logical unauthorized access.
• Availability - systems are available for operation and use as required.
• Processing integrity - system processing is complete, accurate, timely and authorized.
• Confidentiality - information designated as confidential is adequately protected.
The Division performs approximately 25 IS reviews each audit cycle as a component of selected Compliance Examinations. Areas routinely reviewed include:
• Logical Security Parameters
• Security and Control of Confidential Information
• Compliance with Payment Card Industry Standards
• Risk Assessments
• Security Policies
• Change Management
• Third Party Service Provider Use
• Project Management and Systems Development
• Application Reviews
The output from an IS review is a Fieldwork Summary (usually classified as confidential as it contains technical information that could jeopardize the security of systems or their data) that outlines the existing control environment, any identified weakness and associated recommendations. If findings are warranted, they are included in the Compliance Examination Report or Immaterial Letter.
The Division also performs an annual Service Organization Control (SOC) review of the State’s Information Technology Environment operated by the Department of Innovation & Technology. The Department provides data processing services to approximately 100 State agencies. The primary purpose of the review is to provide user agency management, internal auditors, Auditor General’s staff, and contract auditors assurance on the adequacy of the Department’s controls over its Information Technology Environment.
The Division also maintains the computer system environment for the office.
Performance audits provide objective analysis to assist management and those charged with oversight in using the information to improve program performance and operations and contribute to public accountability.
These performance audits are conducted in accordance with Government Auditing Standards established by the United States Comptroller General.
Auditors need to report conclusions based on the audit findings. Report conclusions are logical inferences about the program based on the findings and not merely a summary of the findings.
examining the areas specified in the audit resolution, performance audits offer
recommendations to correct any deficiencies that were identified. These
recommendations are then followed up on during future compliance audits to
ensure they have been implemented. The results of the follow up are reported
to the General Assembly.
PERFORMANCE AUDITS IN PROGRESS
June 30, 2017
Performance audits are conducted by the Office of the Auditor General at the request of legislators to assist them in their oversight function. Currently the Performance Audit Division is working on the following projects:
• Program audit of the Covering ALL KIDS Health Insurance Program.
• Performance audit of the Health Facilities and Services Review Board.
• Performance audit of DHS Office of Inspector General.
• Annual Review of Information Submitted by the Chicago Transit Authority’s Retirement Plan and Retiree Health Care Trust.
• State Actuary Report.
• Performance audit of the State’s Leasing Decision.
• Performance audit of the Oversight of the Community Integrated Living Arrangements (CILAs) at DHS.
• Program audit of Medicaid Managed Care Organizations (MCO).
• Performance audit of DCFS protocols for investigating reports of child abuse and neglect.
Other Reports on Our Web Page
All the reports that are completed by the Office of the Auditor General are available on the Office’s web page at www.auditor.illinois.gov. These include Financial, Compliance, Information Systems, and Performance audits. When an audit is released, it is put on our web page at 10:00 a.m. Any agency that is being audited or any individual who has requested the audit, such as legislators or members of the media, is informed the day before the report is released.
The Auditor General also provides the General Assembly with other types of information. This information is shown on our web page and includes the following:
• Fiscal Control and Internal Auditing Act (FCIAA) filings of State agencies.
• Emergency purchases of State agencies.
• Late filing affidavits of State agencies for contracts filed late.
• Quarterly reports of the Office of the Auditor General that are submitted to the Legislative Audit Commission.
• State actuary reports on the pension systems that are issued at the end of each year.
• The Annual Report of our Office. For example, in 2016, under the section Accountability, we reported the following key findings that were in our FY 2015 audits:
– The financial reporting process of the State of Illinois was inadequate;
– The tax rate information used to calculate employer contributions had inadequate controls;
– There was a lack of due diligence and project management over the Integrated Eligibility System, or IES; and
– The State had weaknesses in internal control over financial reporting.
The Annual Report also showed other significant findings at various State agencies.
Performance measurement is a critical element of accountability for public resources. It is important to know that public resources used to provide government services were spent in accordance with regulations.
Good performance information provides managers with the tools they need to manage for results. Performance should be measured to ensure services are of adequate quality and resources are used efficiently.
Goals. Goals help answer the question, “Where is the organization going?” Each goal should represent a desired result that can be measured. Goals should make sense to others outside the organization.
Objectives. Objectives are more specific than goals in that they provide specific and measurable targets to be accomplished. Objectives should be clear and concise; be specific and measurable; and have a timeframe.
Action Plans. Action plans should do the following for each program objective: Determine who will be responsible; provide detailed steps (e.g., assign responsibility and establish start and finish dates); and identify resources needed.
Developing Performance Measures. Performance measures should be part of the action plan and compare actual performance with expected results. At least one outcome measure should be established for each objective. A good process for developing performance measures would include:
• Defining performance measures based on the agency’s mission, goals, and objectives.
• Assessing a measure by asking if it is meaningful and focused on user needs.
• Defining each measure so users can easily understand the source of data, methods used to calculate the measure, and the timeframe for which the measure will be reported.
Office of the Auditor General
Iles Park Plaza, 740 East Ash Street
Springfield, Illinois 62703-3154
Michael A. Bilandic Building,
160 N. LaSalle Street, Suite S-900
Chicago, Illinois 60601-3109
Fraud Hotline: 1-855-217-1895