REPORT DIGEST

 

DEPARTMENT OF EMPLOYMENT SECURITY

 

FINANCIAL AUDIT AND COMPLIANCE EXAMINATION

For the Year(s) Ended: June 30, 2011

 

Release Date: February 28, 2012

 

Summary of Findings:

Total this audit: 4

Total last audit:  9

Repeated from last audit: 3

 

State of Illinois, Office of the Auditor General

WILLIAM G. HOLLAND, AUDITOR GENERAL

 

To obtain a copy of the Report contact:

Office of the Auditor General, Iles Park Plaza, 740 E. Ash Street, Springfield, IL 62703

(217)    782-6046 or TTY (888) 261-2887

 

This Report Digest and Full Report are also available on the worldwide web at www.auditor.illinois.gov

­­­­­­­­­­­____________________________

 

SYNOPSIS

 

• The Department had inadequate controls over the security and use of Super IDs.

 

• The Department understated its allowance for uncollectible accounts for other receivables by $9.5 million.

 

• The Department did not execute its intergovernmental agreements with other State agencies in a timely manner.

 

• The Department did not issue eligibility determination within the prescribed timeframe.

 

• The Department did not verify social security numbers of new claimants.

 

INTRODUCTION

 

In July 2009 the State of Illinois began receiving repayable advances from the Federal Government for the Illinois Compensation Trust Fund.  At June 30, 2011, this amount totaled approximately $2,188,549,000.

 

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

 

INADEQUATE CONTROLS OVER COMPUTER SECURITY

 

The Department of Employment Security (Department) had inadequate controls over the security and use of Super IDs.

 

The Information Services Division (ISD) is responsible for the development and maintenance of the Department’s information systems and for preserving the integrity and security of information warehoused within those systems.  The Department processed approximately $2.6 billion in employer unemployment tax revenue contributions and $6.4 billion of unemployment payments in fiscal year 2011. 

 

A Super ID is a user ID that gives the user full access to all files, programs, tables and databases and all environments (Development, Test and Production).  The Department had issued five Super User IDs.  Four Super IDs were assigned to the Applications Manager who supports the Human Resources, Finance, and Revenue systems, and one Super ID was assigned to the Applications Manager who supports the Benefits system.  The ISD managers allow their programmers to use the Super IDs by sharing the password

 

 

The use of the Super IDs increases the risk of unauthorized access to systems and data which could jeopardize the integrity of the Department’s resources. Programming staff should generally be limited to accessing only the information specifically required to complete their assigned system development projects. (Finding 5, Page 18) This finding was first reported in 2008.

 

We recommended that the Department allocate the resources necessary to correct day-to-day transactional and applications-related information systems problems, without compromising the security of those systems by over utilizing Super ID access rights. Further, the Department should restrict the use of the Super ID to emergency cases only, as required by Department policy.

 

           

Department officials accepted the recommendation and stated that they have restricted the use of these IDs to emergency cases, which occur outside of regular business hours. Furthermore their goal is to eliminate the use of Super IDs completely by increasing the skill level of Department employees working in Information Systems Bureau’s (ISB) Support Services.  (For the previous Department response, see Digest footnote #1)

 

INACCURATE BALANCE OF ALLOWANCE FOR UNCOLLECTIBLE ACCOUNTS FOR OTHER RECEIVABLES

 

The Department understated its allowance for uncollectible accounts for other receivables by $9.5 million.

 

The Department established an allowance for uncollectible accounts for other receivables based on 4-year historical cycle.  Other receivables represent benefit overpayments. 

 

As of June 30, 2011, the Department had Other Receivables of $606 million and the allowance for other receivables at year-end was $413 million.  During the audit, we noted that the Department identified on November 2010 uncollectable accounts of approximately $30 million for write-off.  An allowance for uncollectible accounts percentage of approximately 68.18% based on historical cycle was applied instead of setting-up the allowance for the whole $30 million, resulting in an adjustment of $9.5 million.  This amount is not material to the financial statements for the year and no adjustment was made.  (Finding 2, Page 14) 

 

We recommended the Department review its uncollectible accounts in compliance with its procedures and reevaluate the allowance for uncollectible accounts for other receivables for reasonableness. 

 

Department officials accepted the recommendation and stated that an adequate allowance for uncollectible accounts for other receivables has been recorded and the uncollectible accounts noted will be reviewed for write-off. 

 

INTERAGENCY AGREEMENTS NOT EXECUTED IN A TIMELY MANNER

 

The Department did not execute its intergovernmental agreements with other State agencies in a timely manner. 

 

During our detailed review of 17 interagency agreements, we noted that 15 of the intergovernmental agreements (88%) had contract terms prior to the completion of an executed agreement.  The agreements were signed between 32 and 214 days late. (Finding 5, Page 18) This finding was first reported in 2008.

 

We recommended the Department improve its process for timely executing intergovernmental agreements. 

 

Department officials accepted the recommendation and stated that they are continuing to improve the approval process by beginning the Memorandum of Understanding (MOU) approvals earlier in the year and meeting regularly to speed up the approval process.   (For the previous Department response, see Digest footnote #2)

 

UNTIMELY ISSUANCE OF ELIGIBILITY DETERMINATION

 

The Department did not issue eligibility determinations within the prescribed timeframe. 

 

During the fiscal year, we noted the Department did not meet the acceptable coverage of at least 80% for timely non-monetary determinations for three of four quarters.  20 Code of Federal Regulation Part 640.3 requires that a State law include provisions for such methods of administration as will reasonably insure the full payment of unemployment benefits for eligible claimants with  the greatest promptness that is administratively feasible. (Finding 6, Page 19)

 

We recommended the Department implement procedures to ensure all eligibility determinations are made within the prescribed timeframes.

 

Department officials accepted the recommendation and stated that they have made improvements toward implementation of the recommendation.

 

FAILURE TO VERIFY SOCIAL SECURITY NUMBERS

 

The Department did not verify social security numbers of new claimants.

 

The Department requires that a claimant provide the local office with a valid Social Security card or other evidence of their Social Security number (SSN) and any other form of positive identification such as a driver’s license, state photo ID card, or payroll check.  During the year, the Department made benefit payments of approximately $2.9 million to claimants with SSNs reported as potentially invalid by the Social Security Administration (SSA). (Finding 7, Page 20)

 

We recommended the Department verify new claimants’ social security numbers.

 

Department officials accepted the recommendation. 

 

AUDITORS’ OPINIONS

 

Our auditors stated the financial statements present fairly, in all material respects, the financial position of the Non-shared Funds of the Department of Employment Security as of June 30, 2011, and the changes in financial position and cash flows, where applicable, thereof for the year then ended.

 

 

WILLIAM G. HOLLAND

Auditor General

 

WGH:TLK:rt

 

SPECIAL ASSISTANT AUDITORS

 

E.C. Ortiz & Co., LLP were our special assistant auditors.

 

DIGEST FOOTNOTES

#1 – Inadequate Controls Over Computer Security –Previous Department Response-2010

 

We accept the recommendation.  System and programming changes have been made that have driven down the number of transactional problems that resulted in non-emergency Super ID utilization, and the Department will continue to rely on existing compensating controls while working to minimize the related transactional problems.

 

#2 –Interagency Agreements Not Executed in a Timely Manner –Previous Department Response

 

We accept the recommendation.  The Department will work toward improving the process for timely execution of interagency agreements.  Discussions with the Department of Commerce and Economic Opportunity (DCEO) on the schedule for next year’s agreements are already underway.