REPORT DIGEST

ILLINOIS FINANCE AUTHORITY

FINANCIAL AUDIT
FOR THE YEAR ENDED JUNE 30, 2023

Release Date:  February 6, 2024

FINDINGS THIS AUDIT: 1

CATEGORY:  NEW -- REPEAT -- TOTAL
Category 1:  1 -- 0 -- 1
Category 2:  0 -- 0 -- 0
Category 3:  0 -- 0 -- 0
TOTAL:  1 – 0 -- 1

FINDINGS LAST AUDIT:  0

Category 1: Findings that are material
weaknesses in internal control and/or a
qualification on compliance with State laws
and regulations (material noncompliance).
Category 2: Findings that are significant
deficiencies in internal control and
noncompliance with State laws and
regulations.
Category 3: Findings that have no internal
control issues but are in noncompliance with
State laws and regulations.

State of Illinois, Office of the Auditor
General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, Iles Park
Plaza, 740 E. Ash Street, Springfield, IL
62703
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also
available on the worldwide web at
www.auditor.illinois.gov

INTRODUCTION

This digest covers the Illinois State
Finance Authority’s (Authority) Financial
Audit as of and for the year ended June 30,
2023. The Authority’s Compliance Examination
covering the two years ended June 30, 2023
will be issued in a separate report at a
later date.

SYNOPSIS

• (23-1) The Authority experienced a network
security incident that involved an
unauthorized party  gaining access to the
Authority’s network environment.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

CYBERSECURITY INCIDENT INVOLVING
UNAUTHORIZED ACCESS

The Illinois Finance Authority (Authority)
experienced a network security incident that
involved an unauthorized party gaining
access to the Authority’s network
environment.

On or about November 6, 2023, the Authority
experienced a network security incident that
involved an unauthorized party gaining
access to the Authority’s network
environment. Upon detecting the incident,
the Authority disabled all access to the
network and engaged a specialized third-
party forensic incident response firm to
assist with securely restoring the network
environment and investigating the extent of
unauthorized activity. As of the date of the
report, the investigation is ongoing.

The incident, which involved unauthorized
access to the Authority’s environment,
resulted in the loss of data. (Finding 1,
page 72)

We recommended the Authority to continue to
investigate the incident to determine the
root cause.

The Authority accepted the finding.

AUDITOR’S OPINIONS

The auditors stated the financial statements
of the Authority as of and for the year
ended June 30, 2023 are fairly stated in all
material respects.

This financial audit was conducted by RSM US
LLP.

JANE CLARK
Division Director

This report is transmitted in accordance
with Section 3-14 of the Illinois State
Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:TLK