REPORT DIGEST

 

DEPARTMENT OF TRANSPORTATION

 

FINANCIAL AUDIT AND COMPLIANCE EXAMINATION

For the Year Ended:

June 30, 2006

 

 

 

Summary of Findings:

Total this audit                         11

Total last audit                         21

Repeated from last audit            3

 

Release Date:

March 20, 2007 

 

State of Illinois

Office of the Auditor General

WILLIAM G. HOLLAND

AUDITOR GENERAL

 

To obtain a copy of the Report contact:

Office of the Auditor General

Iles Park Plaza

740 E. Ash Street

Springfield, IL 62703

(217) 782-6046 or TTY (888) 261-2887

 

This Report Digest and the Full Report are also available on

the worldwide web at

http://www.auditor.illinois.gov

 

 

 

 

 

 

SYNOPSIS

 

 

  • The Department failed to timely file professional and artistic service contracts with the State Comptroller’s Office necessitating the use of the late-filing affidavit process.

 

  • The Department’s formal commodity inventory policies and procedures were not in place as of June 30, 2006 resulting in an incomplete inventory valuation.

 

  • The Department had not ensured that adequate procedures exist for disposal of documents containing confidential and sensitive information.

 

  • The Department had not established adequate controls for securing its computer resources.

 

  • The Department’s process to monitor interagency agreements was inadequate.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

{Expenditures and Activity Measures are summarized on the reverse page.}

 

 


DEPARTMENT OF TRANSPORTATION

FINANCIAL AUDIT AND COMPLIANCE EXAMINATION

For The Year Ended June 30, 2006

 

EXPENDITURE STATISTICS

FY 2006

FY 2005

·         Total Expenditures (All Appropriated Funds)

 

$3,786,467,365

$3,632,759,296

     OPERATIONS TOTAL..........................

         % of Total Expenditures..................

$586,982,926

15.50%

$594,603,245

16.37%

         Personal Services............................

            % of Operations Expenditures....

            Average No. of Employees........

$346,429,630

59.02%

5,645

$345,443,270

58.10%

5,944

         Other Payroll Costs (FICA,

          Retirement)............................................

            % of Operations Expenditures....

 

$56,538,667

9.63%

 

$90,110,124

15.15%

         Contractual Services.......................

            % of Operations Expenditures....

$100,100,667

17.05%

$82,177,271

13.82%

         All Other Operations Items..............

            % of Operations Expenditures....

$83,913,962

14.30%

$76,872,580

12.93%

     GRANTS TOTAL...................................

         % of Total Expenditures..................

$1,398,345,623

36.93%

$1,362,220,885

37.49%

     CONSTRUCTION TOTAL.........................

         % of Total Expenditures..................

$1,796,580,236

47.45%

$1,670,948,543

46.00%

    CAPITAL IMPROVEMENTS TOTAL...

         % of Total Expenditures......................

$4,558,580

0.12%

$4,986,623

0.14%

    CAPITAL ASSETS – GROSS

         Infrastructure......................................

         All Other............................................

               Total............................................

 

$21,808,196

2,508,588

$24,316,784

 

$21,152,272

2,469,059

$23,621,331

 

SELECTED ACTIVITY MEASURES (Unaudited)

FY 2006

FY 2005

·         Number of bridges maintained/improved................

255

206

·         Percent of bridges in need of repair......................

9%

8%

·         Lane miles of state-controlled highways................

42,750

42,500

·         Construction investment/lane mile.........................

$40,995

$38,369

·         Miles of pavement maintained/improved................

820

919

·         Percent of roads in need of repair ........................

11%

11%

 

AGENCY SECRETARY(S)

     During Audit Period:  Mr. Timothy Martin

     Currently:  Mr. Milt Sees, Acting Secretary

 


 

 

 

 

 

 

 

 

 

 

 

 

Delays in filing contracts

 

 

 

 

 

Procurement Code requires filing within 15 days of execution

 

 

IDOT attributes late filing to change in personnel

 

 

 

 

 

 

 


Lack of formal commodity inventory policies and procedures

 

 

 

 

 

 

$5.4 million extrapolated understatement

 

 

 


IDOT unable to reconcile final inventory to audit test counts

 

 

 

 

 


State law limits supply on hand to twelve month usage

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Failure to ensure adequate procedures in place for confidential and sensitive information

 

 

 

 

Confidential, personal and sensitive information found in recycle bins

 

 

 

 

 

 


State law identifies proper disposal of confidential and sensitive information

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Controls needed for securing computer resources

 

 

 

 

 

 

Weaknesses noted in testing of computer security

 

 

 

 

 

 

 

Lack of adequate computer security results in greater risk for data being compromised or destroyed

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Deficiencies noted in testing of agreements

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Improvements needed

 

 

 

 

 

 

 

 

 

IDOT agrees to strengthen interagency agreement process

 

 

 

INTRODUCTION

 

       This report presents our financial audit and State compliance examination for the year ended June 30, 2006.

 

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

 

NEED TO IMPROVE CONTRACT FILING TIMELINES WITH THE STATE COMPTROLLER

 

      Department did not file all professional service contracts in excess of $5,000 with the Office of the State Comptroller in a timely manner. We reviewed ten contractual agreements for professional services entered into by the Department in FY06 and noted that 4 agreements were filed with the Comptroller 87 to 100 days after execution.

 

      The Illinois Procurement Code requires that whenever a professional service contract liability exceeds $5,000, a copy of the contract shall be filed with the State Comptroller within 15 days of its execution.  (Finding 3, page 15)

 

      We recommended the Department file contracts exceeding $5,000 with the Office of the State Comptroller in a timely manner.

 

      Department officials agreed with the finding and recommendation and indicated a change in personnel resulted in a delay in processing these contracts.

 

 

INADEQUATE COMMODITIES INVENTORY RECORDS

 

      The Department did not have formal commodity inventory policies or procedures in place as of June 30, 2006.  In addition, the Department does not maintain a perpetual commodity inventory system that would keep track of the quantity on hand or cost of the inventory at any point in time.

 

 

      During FY2006, the Department deemed the Maintenance Management Information System as being outdated and thus, discontinued its use as a perpetual inventory system for the purpose of maintaining perpetual inventory records of highway maintenance items.  Instead, the Department performed year-end commodities inventory counts at each of its locations for use in preparing its Departmental financial statements.

 

      During the year-end physical inventory, we performed test counts and noted discrepancies between the inventory counts and pricing that resulted in an understatement of these test items totaling $261,519.  When extrapolating the discrepancy over the entire inventory, the valuation resulted in an understatement of $5.4 million.  The Department was not able to reconcile between the audit test counts and the Departmental test counts.  We also determined that a number of commodities at different locations were given equal pricing although commodity costs varied by location.

 

      The Illinois Procurement Code requires agencies to inventory or stock no more than a twelve month supply of equipment, supplies, commodities, etc.  Each agency is to periodically review its inventory to ensure compliance with this Section.  Additionally, good internal control requires formal written policies so that inventory can be tracked and maintained consistently throughout the Department.  (Finding 4, pages 16 - 17)

 

      We recommended the Department develop formal inventory policies and procedures for all Districts/Sites and maintain commodities quantity and costing records throughout the year.  Their procedures should include taking periodic test counts and reconciling those counts to its commodities records.  At a minimum, year-end physical inventories should be taken and records should be adjusted, where necessary.  (This finding has been repeated since 1994.)

 

      Department officials agreed with our recommendation and indicated that, during FY2006, new protocols to track commodities and perform year-end inventory counts had been implemented; however, they later found some staff had misinterpreted the instructions.  The staff misinterpretations led to incomplete and inaccurate inventory counts and valuations in FY2006.  (For previous agency responses see Digest Footnote #1).

 

INADEQUATE PROCEDURES FOR DISPOSAL OF CONFIDENTIAL INFORMATION

 

      The Department had not ensured adequate procedures exist for disposal of documents containing confidential and sensitive information.

 

      We found the Department’s procedures for properly disposing of confidential information were not adequate and not always enforced.

 

      While performing a walkthrough at the Department’s main administrative location, auditors discovered confidential, personal, and sensitive information in recycle bins.  Personal and sensitive information found included:

 

  • Payroll reports including names and social security numbers.

  • Employee timesheets, benefit statements, and bond statements that contained employee names, dependent names, social security numbers and home addresses.

 

      The Personal Information Protection Act requires State agencies to properly dispose of information.  The Act states, “Any State agency that collects personal data that is no longer needed or stored at the agency shall dispose of the personal data or written material it has collected in such a manner as to ensure the security and confidentiality of the material.”  (Finding 8, pages 22 - 23)

 

      We recommended the Department comply with the Personal Information Protection Act and establish adequate Department-wide procedures for properly disposing of confidential information.  Once established, the Department should effectively communicate the procedures to all Departmental personnel, and enforce compliance with its procedures.

 

      Department officials agreed with our recommendation to protect, dispose and securely store confidential information.  The Department indicated they have implemented locked, secured containers for confidential information as well as provided procedures on proper disposal methods.  In addition, disposal vendor’s maintenance and disposal procedures are to be reviewed for compliance with the procedures.

 

INADEQUATE COMPUTER SECURITY CONTROLS

 

      The Department had not established controls for securing its computer resources.

 

      The Department had established computer systems throughout the State in order to meet its mission and mandates.  The computer systems processes and maintains critical, confidential and sensitive information. 

 

      Our testing of computer security noted:

 

·        Outdated IT technology policy.

·        Lack of a complete and accurate listing of servers used.

·        Servers were not updated with the current vendor patch levels.

·        An excessive number of users having powerful security administration authorization.

·        Accounts with no password requirements.

·        Accounts for terminated employees remained active from two to 14 months after termination.

 

      Without the implementation of adequate controls and procedures, there is greater risk unauthorized access to Department resources may be gained and data compromised or destroyed  (Finding 9, pages 24 - 25)

 

      We recommended the Department update the Information Technology Policy to reflect the current environment and address current laws and regulations.  Further, the Department should strengthen its security parameters by reducing the number of users with security administration authority, requiring consistent password requirements for all users, deactivating terminated accounts on a timely basis, and ensuring servers are patched in a timely manner.

 

      Department officials agreed with the recommendation and state they have updated the Information Technology Policy to reflect current environment and address current laws.  Also, as a result of Information Technology consolidation, Central Management Services (CMS) has taken responsibility for managing servers, routers, LAN/WAN infrastructure, network policy, backup/archiving functions, user accounts, email administration, etc.  The Department will continue to work with CMS to establish adequate controls, policies and procedures over computer security, the baseline controls for deactivating network accounts, and obtain the information necessary to ensure security issues are addressed.

 

INADEQUATE MONITORING OF INTERAGENCY AGREEMENTS

 

      The Department’s process to monitor interagency agreements was inadequate.

 

      The Department enters into multiple agreements with other State agencies and other units of governments.  The purpose of these agreements is to assist the Department in fulfilling its mandated mission.

 

      During our testing of four interagency agreements between the Department and the Governor’s Office of Management and Budget, the following deficiencies were noted:

 

·        4 of 4 of the agreements tested were not signed by all parties before the effective date of the contract.  The agreements were signed 125 to 321 days late.

·        1 of 4 of the agreements (legal services) tested did not include supporting documentation detailing the methodology used to determine the allocation percentage for each agency.

·        1 of 4 of the agreements (actuarial review) tested had made payments totaling $14,185 prior to all parties signing the agreement.

·        1 of 4 of the agreements (legal services) had services invoiced prior to the effective date of the agreement.

·        1 of 4 of the agreements (legal services) had a $1,323 overpayment because the vendor billed for services of individuals not specified in the contract.

·        1 of 4 of the agreements (actuarial review) had a $421 departmental overpayment due to an incorrect percentage being applied.

 

      Prudent business practices require the approval of agreements prior to the effective date and proper documentation supporting the billing and payment of services.  (Finding 11, pages 28 – 29)

 

      We recommended the Department ensure all interagency agreements are approved by an authorized signer prior to the effective date of the agreement.  Additionally, the Department should take the necessary steps to increase monitoring of the billings and expenses and request refunds where there has been an overpayment.

 

      Department officials agreed with our recommendation and indicated they will (1) seek separate agreements, (2) ensure that it is only billed its portion of project costs, (3) obtain the allocation methodology prior to entering into the agreement, and (4) obtain more control in monitoring vendor billings.

 

 OTHER FINDINGS

 

      The remaining findings are reportedly being given attention by the Department.  We will review progress toward implementing these recommendations in our next compliance audit. 

 

 

AUDITORS’ OPINION

 

      Our auditors state the basic financial statements of the Department as of and for the year ended June 30, 2006 are fairly presented in all material respects.

 

 

 

____________________________________

WILLIAM G. HOLLAND, Auditor General

 

WGH:SES:pp

 

 

 

 

SPECIAL ASSISTANT AUDITORS

 

      BKD, LLP were our special assistant auditors for this audit.

 

DIGEST FOOTNOTE

 

#1  INADEQUATE COMMODITIES INVENTORY – Previous Agency Response

 

The Department agreed with the auditor’s recommendation with regard to improving the accounting and reporting of its commodity inventory in its prior findings.

 

Complete Department responses to prior findings are available upon request from the Auditor General’s Office.