REPORT DIGEST

DEPARTMENT OF INSURANCE

STATE COMPLIANCE EXAMINATION FOR THE TWO YEARS ENDED JUNE 30, 2022

Release Date: March 23, 2023

FINDINGS THIS AUDIT: 19

CATEGORY: NEW -- REPEAT -- TOTAL
Category 1: 3 -- 3 -- 6
Category 2: 7 -- 6 -- 13
Category 3: 0 -- 0 -- 0
TOTAL: 10 -- 9 -- 19

FINDINGS LAST AUDIT: 11

Category 1: Findings that are material weaknesses in internal control and/or a qualification on compliance with State laws and regulations (material noncompliance).
Category 2: Findings that are significant deficiencies in internal control and noncompliance with State laws and regulations.
Category 3: Findings that have no internal control issues but are in noncompliance with State laws and regulations.

State of Illinois, Office of the Auditor General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact: Office of the Auditor General, Iles Park Plaza, 740 E. Ash Street, Springfield, IL 62703, (217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also available on the worldwide web at www.auditor.illinois.gov

INTRODUCTION

Because of the significance and pervasiveness of the findings described within the report, we (the accountants) expressed an adverse opinion on the Department’s compliance with the specified requirements which comprise a State compliance examination. The Codification of Statements on Standards for Attestation Engagements (AT-C § 205.72) states a practitioner “should express an adverse opinion when the practitioner, having obtained sufficient appropriate evidence, concludes that misstatements, individually or in the aggregate, are both material and pervasive to the subject matter.”

SYNOPSIS

• (22-01) The Department did not have adequate controls over the reporting and collection of its accounts receivable.
• (22-02) The Department’s Public Pension Division did not perform required examinations of police and firefighters pension funds once every three years as required by the Illinois Pension Code.
• (22-04) The Department failed to implement internal controls over users’ access.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

INADEQUATE CONTROLS OVER ACCOUNTS RECEIVABLES

The Department of Insurance (Department) did not have adequate controls over the reporting and collection of its accounts receivable. Specifically, we noted the following:

• The Department did not track and ultimately did not report accounts receivables for cost containment fees, data sales, and public sales for Fiscal Years 2021 and 2022 in the Quarterly Summary of Accounts Receivable Reports (C-97, C-98, and C-99 Forms) filed with the Illinois Office of Comptroller (Comptroller). The total billings for such fees amounted to $2,475,161 and $2,552,771 for Fiscal Year 2021 and Fiscal Year 2022, respectively.
• For 2 of 25 (8%) June 30, 2022 accounts receivable balances tested (both aged 917 days), the Department had not placed them in the Comptroller’s Offset System or referred them to the Debt Collection Bureau of the Illinois Department of Revenue (Bureau). The two accounts receivable balances totaled $113,000 as of June 30, 2022.
• For 8 of 25 (32%) June 30, 2022 long outstanding accounts receivable balances tested (aged between 1,056 and 3,433 days), we noted the Department did not refer them to the Office of the Attorney General for certification of the debts’ uncollectibility. The 8 accounts receivable balances totaled $32,418 as of June 30, 2022.

(Finding 1, pages 12-14)

We recommended the Department strengthen its controls over accounts receivable by performing thorough reviews and reconciliations of the data it uses to generate the C-97, C-98, and C-99 Forms, having staff already allocated to review and monitor past due accounts also refer them to the Comptroller’s Offset System, the Bureau, or to the Office of Attorney General as required by State laws, or hire additional staff to perform the required referrals.
The Department agreed with the recommendation and noted Department staff has contacted the IOC on two separate occasions for guidance on reporting the revenues for Cost Containment, Data Sales and Public Sales. The Department has not received a response from the IOC in regard to procedures and if these funds need to be reported. The Department stated it has also performed initial steps in writing of procedures for placing outstanding accounts receivable into the Illinois Department of Revenue Debt Collection Bureau, and Department staff has contacted the Office of the Illinois Attorney General for procedures for submitting uncollectible debts.

FAILURE TO PERFORM REQUIRED EXAMINATIONS OF POLICE AND FIREFIGHTER PENSION FUNDS

The Department’s Public Pension Division did not perform required examinations of the 657 police and firefighters pension funds once every three years as required by the Illinois Pension Code (Code). Specifically, we noted the following:

• One (0.2%) pension fund has been examined on four occasions since it was initially due for examination. Specifically, the Department did not complete three required examinations for the fund since the examination due for 2004.
• 31 (5%) pension funds have been examined on three occasions since they were initially due for examination. Specifically, the Department did not complete four required audits for each of the six pension funds due for examination since 2004, three required audits for each of the 22 pension funds due for examination between 2005-2007, and two required audits for each of the three funds due for examination between 2008-2010.
• 373 (57%) pension funds have been examined on two occasions since they were initially due for examination. Specifically, the Department did not complete five required audits for each of the 57 pension funds due for examination since 2004, four required audits for each of the 131 pension funds due for examination between 2005-2007, three required audits for each of the 166 pension funds due for examination between 2008-2010, and two required audits for each of the 19 funds due for examination between 2011-2013.
• 244 (37%) pension funds have been examined on one occasion since they were initially due for examination. Specifically, the Department did not complete five required audits for each of the three pension funds due for examination between 2005-2007, four required audits for each of the 83 pension funds due for examination between 2008-2010, three required audits for each of the 126 pension funds due for examination between 2011-2013, two required audits for each of the eight funds due for examination between 2014-2016, and one required audit for each of the 22 funds due for examination between 2017-2019. The two pension funds were examined once as required.
• Eight (1%) pension funds were currently under examination as of June 30, 2022. Specifically, the Department did not complete four required audits for one pension fund due for examination between 2005-2007, three required audits for each of the four pension funds due for examination between 2008-2010, and two required audits for each of the three pension funds due for examination between 2011-2013.

(Finding 2, pages 15-17) This finding has been reported since 2012.

We recommended the Department perform the pension fund examinations every three years as required by the Code.
The Department agreed with the recommendation and noted it has taken the following corrective actions to address this finding: (1) continue to use a risk-based examination system to narrow the focus of subsequent examinations; (2) use performance criteria of a fund to select those funds that are underperforming for examination; (3) use the current review of the pension funds’ annual statements to examine funds on the material data of benefits and contributions and management of the fund and follow-up with further examination if necessary; (4) in the process of obtaining a third-party vendor and adding staff to aid it with completing examinations of Article 3 pension funds in a timely manner; (5) continue to work with interested parties to review whether legislative changes related to the examination cycle are appropriate and to clarify the role of the Department and its requirement to perform examinations of pension funds.

FAILURE TO IMPLEMENT CONTROLS OVER USER ACCESS

The Department failed to implement internal controls over users’ access.

As part of its mission in regulating the insurance market, the Department utilizes several applications and maintains confidential data. As part of our examination, we requested the Department provide populations of users with access to the Accounting Management System, Medical Malpractice Claims Reporting System, and the State’s Enterprise Resource Planning (ERP) System in order to determine if access was appropriate. However, the Department did not have the requested populations.

In addition, we requested the Department provide populations of users with access to the Central Time and Attendance System (CTAS), eTime, Central Payroll System (CPS), midrange, and mainframe environments in order to determine if access was properly approved and timely disabled. However, the Department did not have the requested populations.
Further, we requested the Department provide documentation that periodic review of access rights had been conducted. However, the Department did not have the requested documentation.

As a result of the Department not providing the above, we could not conduct testing to determine if user rights to the applicable application(s) were appropriate. (Finding 4, pages 20-21)

We recommended the Department work with the Department of Innovation and Technology to obtain an understanding of each of the Departments’ roles and responsibilities. Further, we recommended the Department maintain documentation of each application’s users and ensure the users’ rights are appropriate.

The Department agreed with the finding and stated it had previously followed DoIT’s Policies and Procedures for user access controls. Going forward, the Department will review user access controls and identify any additional controls needed. The Department will then develop its own written policies and procedures for user access controls.

OTHER FINDINGS

The remaining findings are reportedly being given attention by the Department. We will review the Department’s progress towards the implementation of our recommendations in our next State compliance examination.

ACCOUNTANT’S OPINION

The accountants conducted a State compliance examination of the Department for the two years ended June 30, 2022, as required by the Illinois State Auditing Act. Because of the effect of noncompliance described in Finding 2022-001 through 2022-019, the accountants stated the Department did not materially comply with the requirements described in the report.

This State compliance examination was conducted by Adelfia LLC.

JANE CLARK
Division Director

This report is transmitted in accordance with Section 3-14 of the Illinois State Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:jv