REPORT DIGEST

DEPARTMENT OF EMPLOYMENT SECURITY

FINANCIAL AUDIT
FOR THE YEAR ENDED JUNE 30, 2021

Release Date:  June 16, 2022

FINDINGS THIS AUDIT:  3

CATEGORY:  NEW -- REPEAT – TOTAL
Category 1:  1 -- 2 -- 3
Category 2:  0 -- 0 -- 0
Category 3:  0 -- 0 -- 0
TOTAL:  1 -- 2 -- 3

FINDINGS LAST AUDIT: 7

Category 1: Findings that are material
weaknesses in internal control and/or
a qualification on compliance with
State laws and regulations (material
noncompliance).
Category 2: Findings that are
significant deficiencies in internal
control and noncompliance with State
laws and regulations.
Category 3: Findings that have no
internal control issues but are in
noncompliance with State laws and
regulations.

State of Illinois, Office of the
Auditor General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report
contact:
Office of the Auditor General, Iles
Park Plaza, 740 E. Ash Street,
Springfield, IL 62703
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are
also available on the worldwide web at
www.auditor.illinois.gov

INTRODUCTION

This digest covers the financial audit
of the Individual Nonshared
Proprietary Fund of the Department of
Employment Security for the year ended
June 20, 2021.  The Department’s
compliance examination covering the
two years ended June 30, 2021 will be
issued separately at a later date.

DISCLAIMER

The Department has not maintained
certain accounting records and
supporting documents for the Trust
Fund relating to transactions with its
beneficiaries, nor is the Trust Funds’
internal control adequate to provide
safeguards over the Trust Fund assets
and to assure the proper recording of
transactions.  Accordingly, we were
unable to extend our auditing
procedures sufficiently to determine
the extent to which the financial
statements may have been affected by
these conditions.  Because of the
significance of the matter described,
we have not been able to obtain
sufficient appropriate audit evidence
to provide a basis for an audit
opinion.  Accordingly, we do not
express an opinion on these financial
statements.

SYNOPSIS

• (21-1)  The Department of Employment
Security (Department) failed to
implement general Information
Technology (IT) controls over the
Pandemic Unemployment Assistance (PUA)
System.
• (21-2)  The Department failed to
maintain accurate and complete
Pandemic Unemployment Assistance (PUA)
claimant data.

FINDINGS, CONCLUSIONS, AND
RECOMMENDATIONS

FAILURE TO IMPLEMENT GENERAL
INFORMATION TECHNOLOGY CONTROLS OVER
THE PANDEMIC UNEMPLOYMENT ASSISTANCE
SYSTEM

The Department failed to implement
general Information Technology (IT)
controls over the Pandemic
Unemployment Assistance (PUA) System
(System).

In April 2020, the Department
contracted with a service provider to
provide the System as a Software as a
Service (SaaS) and to provide hosting
services for the System.  The service
provider maintained full control over
the System.

During testing, we noted the
following:

• The Department could not provide a
System and Organization Control (SOC)
report for the System.
• The service provider’s developers
had access to the production
environment.  As a result, we were
unable to determine if the developers
made unauthorized changes to the
environment, application, and data.
• The Department had not implemented
internal controls over the System’s
access.
• The Department had not implemented
disaster recovery controls.

As a result of the lack of general IT
controls over the System, we are
unable to rely on the System and the
proper documentation of claimant
eligibility data and benefits paid.
Furthermore, as a result of the lack
of internal controls identified in
this finding and finding 2, we are
unable to obtain sufficient
documentation to determine if the
Department’s Unemployment Compensation
Trust Fund (Trust Fund) financial
statements are fairly presented.
Therefore, we are issuing a disclaimer
of opinion over the Department’s Trust
Fund Fiscal Year 2021 financial
statements. (Finding 1, pages 21-22)

We recommended the Department ensure
the service provider’s contract
requires obtaining a SOC report or an
independent review. We also
recommended the Department ensure the
service provider’s developers’ access
is restricted and changes are
appropriate.  Further, we recommended
the Department develop and implement
security controls and disaster
recovery controls.

The Department accepted our
recommendation.

FAILURE TO MAINTAIN ACCURATE AND
COMPLETE PANDEMIC UNEMPLOYMENT
ASSISTANCE CLAIMANT DATA

The Department failed to maintain
accurate and complete Pandemic
Unemployment Assistance (PUA) claimant
data.

On March 27, 2020, the President of
the United States signed the
Coronavirus Aid, Relief, and Economic
Security (CARES) Act which provided
states the ability to provide
unemployment insurance to individuals
affected by the pandemic, including
those who would not normally be
eligible for unemployment.  Based on
the Department’s records, as of June
30, 2021, 424,887 claimants had
received benefits totaling
$8,168,499,998.

From June 2021 through January 2022,
the Department attempted to provide
complete and accurate PUA claimant
data in order to determine if the
claimants were properly determined
eligible.  After several attempts and
considerable manipulation of the data
to make the data more auditable and
organized, it was determined complete
and accurate PUA claimant data could
not be provided.  Therefore, we were
unable to conduct detailed testing to
determine whether the PUA claimants
were entitled to benefits.

Due to the inability to conduct
detailed claimant testing, we were
unable to determine whether the
Department’s Unemployment Compensation
Trust Fund (Trust Fund) financial
statements accurately document the PUA
benefits paid during Fiscal Year 2021.
Therefore, we are issuing a disclaimer
of opinion over the Department’s Trust
Fund Fiscal Year 2021 financial
statements. (Finding 2, page 23)

We recommended the Department
implement controls to ensure the
claimants’ data is complete and
accurate.

The Department accepted our
recommendation.

OTHER FINDINGS

The remaining finding pertains to a
failure to perform timely cash
reconciliations.  We will review the
Department’s progress towards the
implementation of our recommendations
in our next financial audit.

AUDITORS’ OPINION

The Department of Employment Security
has not maintained certain accounting
records and supporting documents for
the Unemployment Compensation Trust
Fund relating to transactions with its
beneficiaries, nor is the Trust Fund’s
internal control adequate to provide
safeguards over Trust Fund assets and
to assure the proper recording of
transactions.  Accordingly, we were
unable to extend our auditing
procedures sufficiently to determine
the extent to which the financial
statements may have been affected by
these conditions.

Because of the significance of this
matter, we have not been able to
obtain sufficient appropriate audit
evidence to provide a basis for an
audit opinion.  Accordingly, we do not
express an opinion on these financial
statements.

This financial audit was engaged to be
conducted by RSM US LLP.

JANE CLARK
Division Director

This report is transmitted in
accordance with Section 3-14 of the
Illinois State Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:dmg