REPORT DIGEST DEPARTMENT OF EMPLOYMENT SECURITY COMPLIANCE EXAMINATION FOR THE TWO YEARS ENDED JUNE 30, 2021 Release Date: Aug. 30, 2022 FINDINGS THIS AUDIT: 26 CATEGORY: NEW -- REPEAT – TOTAL Category 1: 1 – 2 -- 3 Category 2: 17 -- 6 -- 23 Category 3: 0 -- 0 -- 0 TOTAL: 18 -- 8 -- 26 FINDINGS LAST AUDIT: 15 Category 1: Findings that are material weaknesses in internal control and/or a qualification on compliance with State laws and regulations (material noncompliance). Category 2: Findings that are significant deficiencies in internal control and noncompliance with State laws and regulations. Category 3: Findings that have no internal control issues but are in noncompliance with State laws and regulations. State of Illinois, Office of the Auditor General FRANK J. MAUTINO, AUDITOR GENERAL To obtain a copy of the Report contact: Office of the Auditor General, Iles Park Plaza, 740 E. Ash Street, Springfield, IL 62703 (217) 782-6046 or TTY (888) 261-2887 This Report Digest and Full Report are also available on the worldwide web at www.auditor.illinois.gov INTRODUCTION This digest covers our compliance examination of the Department of Employment Security (Department) for the two years ended June 30, 2021. A separate financial audit as of and for the year ended June 30, 2021, was previously released on June 16, 2022. In total, this report contains 26 findings, 3 of which were also reported in the financial audit. DISCLAIMER The Department has not maintained certain accounting records and supporting documents relating to transactions with its beneficiaries. Accordingly, we were unable to extend our examination procedures sufficiently to determine whether the Department was in compliance with the specified requirements. Because of the limitations on the scope of our examination, the scope of our work was not sufficient to enable us to express, and we do not express, an opinion on whether the Department complied with the specified requirements, in all material respects. SYNOPSIS • (21-12) The Department of Employment Security did not have adequate controls over the required reconciliations of its records with the reports from the Office of Comptroller. • (21-21) The Department of Employment Security had inadequate controls over security of confidential information. FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS INADEQUATE CONTROLS OVER MONTHLY RECONCILIATIONS The Department did not have adequate controls over the required reconciliations of its records with the reports from the Office of Comptroller (Comptroller). During testing of the Fiscal Year 2020 reconciliations between Comptroller records and Department records, we noted that for two of 8 (25%) months tested, the Monthly Revenue Status Report (SB04) reconciliations were not performed in a timely manner. These were prepared 4 to 360 days late. Additionally, during our testing of eight monthly reconciliations of locally held funds of Fiscal Years 2020 and 2021, we noted that reconciliations prepared did not include evidence to indicate when the reconciliations were performed, thus timeliness of the reconciliations could not be determined for all eight (100%) reconciliations tested. (Finding 12, page 28). This finding has been reported since 2017. We recommended the Department consistently complete required monthly reconciliations relating to revenues and locally held funds in a timely manner. The Department accepted our recommendation. WEAKNESSES IN SECURITY AND CONTROL OF CONFIDENTIAL INFORMATION The Department had inadequate controls over security of confidential information. The Department had established a myriad of applications in order to meet its mission and mandate. The Department processed and maintained confidential and personal information within these applications, such as names, addresses, dates of birth and Social Security numbers. During review of Department policies and procedures, we noted the Department had not: • Developed breach notification procedures for information other than Social Security numbers. • Developed encryption and redaction requirements for types of information other than Social Security numbers. • Developed data destruction procedures for all potential sources of confidential information. (Finding 21, pages 46-47) We recommended the Department develop breach notification procedures for all types of confidential information, encryption and redaction requirements for all types of confidential information, and data destruction procedures for all potential sources of confidential information. The Department accepted our recommendation. OTHER FINDINGS The remaining findings are reportedly being given attention by Department personnel. We will review the Department’s progress towards the implementation of our recommendations in our next State compliance examination. AUDITOR’S OPINION The financial audit report was previously released. The Department of Employment Security did not maintain certain accounting records and supporting documents for the Unemployment Compensation Trust Fund (Trust Fund) relating to transactions with its beneficiaries, nor was the Trust Fund’s internal control adequate to provide safeguards over Trust Fund assets and to assure the proper recording of transactions. Accordingly, we were unable to extend our auditing procedures sufficiently to determine the extent to which the financial statements may have been affected by these conditions. Because of the significance of the matter described, we were not able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion. Accordingly, we did not express an opinion on these financial statements. ACCOUNTANT’S OPINION The Department of Employment Security has not maintained certain accounting records and supporting documents relating to transactions with its beneficiaries. Accordingly, we were unable to extend our examination procedures sufficiently to determine whether the Department was in compliance with the specified requirements. Because of the limitations on the scope of our examination, the scope of our work was not sufficient to enable us to express, and we do not express, an opinion on whether the Department complied with the specified requirements, in all material respects. The financial audit and this compliance examination were engaged to be conducted by RSM US LLP. JANE CLARK Division Director This report is transmitted in accordance with Section 3-14 of the Illinois State Auditing Act. FRANK J. MAUTINO Auditor General FJM:dmg