REPORT DIGEST

EASTERN ILLINOIS UNIVERSITY

FINANCIAL AND COMPLIANCE AUDIT
(In Accordance with the Single Audit Act and OMB Circular A-133)

For the Year Ended:
June 30, 2001

Summary of Findings:

Total this audit 4
Total last audit 6
Repeated from last audit 0

Release Date:
March 15, 2002

Logo.gif (1870 bytes)

State of Illinois
Office of the Auditor General

WILLIAM G. HOLLAND
AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General
Attn: Records Manager
Iles Park Plaza
740 E. Ash Street
Springfield, IL 62703

(217)782-6046 or TDD (217) 524-4646

This Report Digest is also available on
the worldwide web at
http://www.state.il.us/auditor

 

 

 

 

 

 

SYNOPSIS

 

  • The University misallocated revenue bond transactions between accounting entities.

 

  • The University did not have adequate computer security controls.

 

 

 

 

 

 

 

 

 

{Expenditures and Activity Measures are summarized on the reverse page.}

 

EASTERN ILLINOIS UNIVERSITY
FINANCIAL AND COMPLIANCE AUDIT
For The Period Ended June 30, 2001

FINANCIAL OPERATIONS (CURRENT FUNDS)

FY 2001

FY 2000

REVENUE

Appropriations
Payments on behalf of the University
Student tuition and fees
Grants, contracts, and gifts
Sales and services of educational activities
Auxiliary enterprises
Other

Total Revenue

EXPENDITURES AND MANDATORY TRANSFERS

Instruction
Research
Public services
Academic support
Student services
Institutional support
Operation of plant
Scholarships and fellowships
Auxiliary enterprises
Mandatory transfers

Total Expenditures and Mandatory Transfers

 

$50,908,696
17,605,030
39,257,535
14,780,328

3,169,053
22,060,108
3,477,525

$151,258,279

$54,983,356


801,948
7,743,892
12,086,368
12,895,140
13,395,770
11,645,890
8,869,047
23,894,911
130,532
$146,446,854

 

$47,628,378
15,583,805
38,742,770
14,223,568

3,562,980
21,894,352
3,077,586

$144,713,439

$50,337,889


590,053
7,422,660
11,146,509
12,365,473
13,509,297
11,656,808
8,408,260
22,468,969
370,276
$138,276,194

SELECTED ACCOUNT BALANCES (ALL FUNDS)

JUNE 30, 2001

JUNE 30, 2000

Cash and investments
Buildings, land, and equipment
Accrued compensated absences
Revenue bonds payable
Fund balances (deficit):
Current Unrestricted
Current Restricted
Loan
Endowment and similar
Net investment in plant
$41,876,998
$213,059,739
$15,779,449
$54,535,000

$(10,400,452)
$2,596,280
$5,437,183
$352,435
$180,553,258
$39,872,911
$188,853,593
$15,939,645
$46,515,000

$(7,961,534)
$4,463,384
$5,222,162
$376,090
$157,238,855

SUPPLEMENTARY INFORMATION (Unaudited)

FY 2001

FY 2000

Employment Statistics
Faculty/administrative
Civil service
Student employees
Total Employees

Selected Activity Measures
Annual full-time equivalent students
Full-time equivalent costs per student


849
901
322
2,072


9,260
$10,552


823
905
257
1,985


9,775
$9,255

UNIVERSITY PRESIDENT

During Audit Period: Dr. Carol Surles
Currently: Mr. Louis V. Hencken (Interim President – beginning August 1, 2001)

 

 

 

 

 

 

 

 

 

 

 

$11.8 million of outstanding revenue bonds were overstated in the Living entity

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

246 users had passwords that never expired including some with powerful access privileges

 

 

 

 

 

 

 

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

SOME REVENUE BOND TRANSACTIONS WERE MISALLOCATED BETWEEN ACCOUNTING ENTITIES

The University failed to properly record its revenue bond activity between two of its accounting entities as required by the Legislative Audit Commission’s University Guidelines (Guidelines).

During our testing we noted that the percentages used to allocate the revenue bond payments and the revenue bond obligations were different. This resulted in transactions that were recorded in the incorrect revenue bond accounting entity as noted below:

  • The outstanding revenue bonds were overstated in the Living entity by approximately $11.8 million and needed to be transferred to the Facilities entity.
  • Bond discounts and issuance costs of $26,500 were overstated in the Facilities entity and needed to be transferred to the Living entity.
  • The Living entity overpaid debt service cost of approximately $130,000 for this fiscal year.

The Guidelines (Section III. D.1.) state that there shall be no subsidies between accounting entities. According to University personnel, a miscalculation in the bond allocation percentages caused the above differences. (Finding 1, pages 20-21)

We recommended the University implement controls to ensure the University is properly calculating bond allocation percentages according to the Guidelines.

University officials agreed with our recommendation and responded that controls were in place to calculate and reallocate debt service expenditures between Auxiliary Facilities entities as appropriate. The University noted that the impacts on percentage allocations due to numerous bond issues and refinancings are complex.

NEED TO IMPROVE CONTROLS OVER NETWORK SERVER SECURITY

The University had over $7.6 million invested in computing hardware and approximately 2,900 users had access to administrative computing resources. They rely on critical applications on the mainframe and some network servers, such as the student records system and student loans system, to conduct business. We reviewed the security settings and the following weaknesses were noted:

  • Password controls were not always in place. While the University’s policy establishes password change every 35 days, 246 users had passwords that never expired. Some of these accounts belonged to security administrators and others with powerful access privileges.
  • Some of the network’s software security features had not been activated.

The principles of good internal controls require reasonable cost-effective procedures be implemented to ensure the integrity and security of information maintained on the University’s computer systems. (Finding 2, pages 22-24)

We recommended the University develop and enforce minimum standard security guidelines to ensure security controls are adequately addressed.

University officials disagreed, in part, with our recommendation stating that many of their computing resources are purposely set up for public access. For these environments, blanket implementation of our recommendations would have a devastating negative effect on the University’s primary mission of education, research and service. They further stated, reasonable cost-effective procedures would be implemented, where appropriate.

In an Auditor Comment, we disagreed with the response. Although educational institutions may have some unique needs; basic security standards must be established. Included in the group of 246 users that were not required to change their passwords were accounts with powerful access privileges. A frequent password change is essential for those with powerful access privileges since unauthorized use of these user identifications may permit unrestricted access to critical resources and data.

OTHER FINDINGS

The remaining findings are less significant and are reportedly being given attention by the University. We will review progress toward implementing these recommendations in our next audit.

Mr. Jeffrey L. Cooley, Vice President for Business Affairs, provided responses to the findings and recommendations.

AUDITORS' OPINION

Our auditors state the University's financial statements as of and for the year ended June 30, 2001 are fairly presented in all material respects.

____________________________________

WILLIAM G. HOLLAND, Auditor General

WGH:JAF:pp

SPECIAL ASSISTANT AUDITORS

Doehring, Winders & Co. LLP were our special assistant auditors on this engagement.