REPORT DIGEST

ILLINOIS HOUSING DEVELOPMENT AUTHORITY

FINANCIAL AND COMPLIANCE AUDIT
(In accordance with the Single Audit Act of 1984 and OMB Circular A-128)
For the Year Ended:
June 30, 1996

Summary of Findings:

Release Date:

April 15, 1997

State of Illinois
Office of the Auditor General

WILLIAM G. HOLLAND
AUDITOR GENERAL

Iles Park Plaza
740 E. Ash Street
Springfield, IL 62703
(217) 782-6046

SYNOPSIS

• The Authority did not have a formal, comprehensive systems development methodology for the development of computer applications. In addition, standards and procedures to guide computer operations and enhance computer security did not exist. This finding has been repeated since 1994.

• The Authority failed to retain certain investment reports on microfiche or on hard copies.

• The Authority did not reconcile all bank accounts on a timely basis. Controls were in place to ensure all statements were received, but there were no controls to ensure all accounts were reconciled.

• Federal HUD Eligibility Forms were prepared incorrectly resulting in $317 in questioned costs. This finding has been repeated since 1989.

{Expenditures and Activity Measures are summarized on the next page.}

FY 1996

FY 1995

FY 1994

• Total Governmental Fund Revenue

Real Estate Transfer Taxes
% of Total Revenue
Federal Home Funds
% of Total Revenue
Investment, Interest and Other Income
% of Total Revenue

$39,973,819

$18,625,639
46.6%
$18,387,132
46.0%
$ 2,961,048
7.4%

$43,456,787

$16,634,465
38.3%
$24,327,480
56.0%
$ 2,494,842
5.7%

$22,345,611

$17,578,344
78.7%
$ 3,475,465
15.6%
$1,291,802
5.7%

• Total Governmental Fund Expenditures

Grants
% of Total Expenditures
General and Administrative
% of Total Expenditures

$20,734,920

$ 8,041,712
38.8%
$12,693,208
61.2%

$14,836,536

$ 8,282,975
55.8%
$ 6,553,561
44.2%

$5,983,250

$4,706,306
78.7%
$1,276,944
21.3%

• Total Administrative Fund Revenue

Development and Financing Fees
% of Total Revenue
Service Fees
% of Total Revenue
Other Income
% of Total Revenue

• Total Administrative Expenses

Salaries and Benefits
% of Total Expenses . .
Average No. of Employees
Contractual Services .
% of Total Expenses
All Other Operations Items
% of Total Expenses

• Net Value of Property and Equipment

$15,902,776

--------
--------
$ 6,999,652
44.0%
$ 8,903,124
56.0%

$12,724,503

$ 6,084,996
47.8%
171
$ 1,172,822
9.2%
$ 5,466,685
43.0%

$ 1,145,115

$18,292,200

$ 779,460
4.3%
$ 6,733,378
36.8%
$10,779,362
58.9%

$13,134,800

$ 6,315,119
48.1%
167
$ 2,171,486
16.5%
$ 4,648,195
35.4%

$ 1,218,242

$13,652,186

------
------
$6,420,990
47.0%
$7,231,196
53.0%

$11,536,728

$6,213,920
53.9%
161
$1,878,451
16.3%
$3,444,357
29.8%

$1,356,003

FY 1996

FY 1995

FY 1994

• Total Number of Bond Issues Outstanding
• Total Bond Issue Value (in millions)

80
$2,018

67
$1,880

60
$1,752

During Audit Period: John Varones, Director
Currently: John Varones, Director

The Authority has inadequate formal, written standards and procedures for its computer system.

The Authority may lose some of its current procedures during conversion due to the fact the procedures are not documented.

The Authority failed to retain certain investment reports.

Five of 25 investment transactions could not be agreed to the general ledger.

The Authority did not reconcile bank accounts on a timely basis.

Federal forms were not prepared correctly resulting in $317 of questioned costs.

FINDINGS, CONCLUSIONS, AND
RECOMMENDATIONS

INADEQUATE SYSTEM STANDARDS AND SECURITY PROGRAM

The Authority did not have a formal, comprehensive systems development methodology for the development of computer applications. In addition, there are no formal installation standards for organization and administration and no formal process for developing standards. The Authority has no formal procedures to monitor, review, and follow-up on security violations, nor is a formal security awareness program in place.

The lack of standards has adversely affected existing applications. During audit testing, we noted one application which had operational inefficiencies and was unable to adjust to the growth of demand on the system. During the past year, it has been continuously modified and enhanced to meet the increasing service needs, but still does not have complete up-to-date documentation to describe procedures for input, processing, and output of transactions.

The lack of formal, written standards is even more critical considering the Authority is in the process of converting all its present applications to a new computing platform. The Authority may lose some of its current procedures in the conversion due to the fact the procedures are not documented.

We recommended the Authority formalize and implement standards for systems development methodology, installation standards for organization and administration and standards for regular monitoring and review of security violations. (Finding #2, page 8) This finding has been repeated since 1994.

The Authority concurred with the recommendations and plans to use a design methodology for new computer systems. The Authority will continue to establish procedures for regular monitoring and review of security violations as well as develop and maintain installation standards as applicable. The Authority stated that full implementation of the recommendations can not be accomplished by the end of fiscal year 1997 without the hiring of additional personnel or consulting help. (For previous Authority responses, see Digest footnote #1.)

FAILURE TO RETAIN HISTORICAL FINANCIAL INFORMATION

The Authority failed to retain certain investment reports on microfiche or on hard copies. During November 1995, the Authority no longer maintained microfiche due to a format change by the supplier. All hard copies of reports were to be retained until a decision was made on whether the Authority would change to the new format or establish new procedures for report retention. However, not all reports were kept and some had been misplaced.

During audit testing of the investment area, five of 25 investment transactions could not be agreed to the investment transactions' general ledger as the investment reports were not retained for the dates needed. However, the auditors did agree these transactions to the applicable bank statements to determine they were bonafide investment transactions.

We recommended the Authority adhere to its policy to retain all financial reports. (Finding #4, page 12)

The Authority concurred with the recommendation and is in the process of selecting a new vendor to record and retain the investment reports.

MONITORING AND REVIEW OF BANK STATEMENTS

The Authority did not reconcile all bank accounts on a timely basis. We noted controls were in place to ensure all bank statements were received, but there were no controls to ensure all accounts were reconciled.

We recommended the Authority establish and enforce a policy requiring all bank and investment statements be reconciled and reviewed on a timely basis. (Finding #5, page 13)

The Authority concurred with the recommendation and is in the process of developing the recommended policies and procedures necessary to assure timely reconciliations.

INCORRECT HOUSING ASSISTANCE PAYMENTS

Some Housing and Urban Development (HUD) Tenant Eligibility Forms were not prepared accurately. During audit testing, three of 52 forms tested contained clerical and/or system-generated errors. These three incidents generated questioned costs of $317 for fiscal year 1996.

We recommended the Authority continue to emphasize the importance of completing HUD forms completely and accurately. We also recommended the forms be reviewed more frequently and the property manager and/or the development manager be contacted if inaccuracies continue to occur. (Finding #9, page 49) This finding has been repeated since 1989.

The Authority responded the files in question will be reviewed and any necessary adjustments will be made. The Authority continues to offer training and retraining for site managers and strongly recommends that new managers attend and that managers be retrained every two years. Also, the Authority will continue to emphasize the importance of accuracy and will continue to advise site managers that continuing inaccuracies may result in loss of Housing Assistance Payments. (For previous Authority responses, see Digest footnote #2.)

OTHER FINDINGS

The remaining findings are less significant and are being given appropriate attention by the Authority. We will review progress toward implementing these recommendations in our next audit. Responses to the recommendations were prepared by Authority personnel and approved by Director John Varones.

AUDITORS' OPINION

Our auditors state the Authority's financial statements for the year ended June 30, 1996 are fairly presented.

___________________________________
WILLIAM G. HOLLAND, Auditor General

WGH:BAR:pp

SPECIAL ASSISTANT AUDITORS

KPMG Peat Marwick LLP were our special assistant auditors for this audit.

DIGEST FOOTNOTES

#1 INADEQUATE SYSTEM STANDARDS AND SECURITY PROGRAM - Previous Authority Responses.

1995: "The Authority concurs with the recommendations. The Authority plans to use a methodology on systems developed under the conversion from the existing VAX systems to the unified database and client/server, if these systems are developed internally. Should software be purchased, such a design methodology would not be necessary.

The Authority will continue its activities to establish procedures for regular monitoring and review of security violations.

The Authority has a process for developing standards and maintaining them as a part of its Disaster Recovery Plan. The Authority will make this process a part of its Installation Standards as applicable.

Due to the small size of the Authority's Information Systems staff together with the heavy demands being placed upon it by the systems conversion project, full implementation of the recommendations can not be accomplished by the end of fiscal year 1996 without the hiring of additional personnel or consulting help. The Authority will evaluate these alternatives, both of which will be affected by budget constraints."

1994: "The Authority concurs with the recommendations. The Authority plans to use a design methodology on systems developed under the conversion from the existing VAX systems to the unified database and client/server. The selection and purchase of a methodology are subject to the availability of funding.

The Authority will continue its activities to establish appropriate standards for organization and administration, as well as those to create standards for regular monitoring and review of security violations.

The Authority has a process for developing standards and maintaining them as a part of its Disaster Recovery Plan. The Authority will make this process a part of its Installation Standards as applicable.

Due to the small size of the Authority's Information Systems staff, the full implementation of the recommendations can not be accomplished within the next fiscal year and will be affected by demands on existing staff and approval and acquisition of additional staff."

#2 INCORRECT HOUSING ASSISTANCE PAYMENTS - Previous Authority Responses.

1995: "The Authority is in the process of reviewing the files in question and will make necessary adjustments upon completion of the reviews. During site visits by Authority staff, the 50059 forms are reviewed and calculated for completeness and accuracy. The Authority will continue to emphasize to management agents the importance of accuracy as it relates to tenant eligibility and tenant rent. In addition, the Authority will continue to offer training and retraining for site managers and strongly recommends that new managers attend immediately and that all managers be retrained biannually. The Authority will also advise site managers that continuing inaccuracies may result in abatement of Housing Assistance Payments."

1994: "HUD regulations require that the tenant file systems be established and maintained for three years. The Authority supports this requirement by supplying checklists to management personnel during monthly training sessions and strongly encouraging their use. These checklists recap all information which should be included in each on-site tenant file. In addition, when the Eligibility and Processing (E&P) Officers do an on-site tenant audit, they check to see that the tenant files are in order and that all verification forms are properly filed.

1993: "During site visits by the E&P Officers, the Form 50059's are reviewed and calculated for completeness and accuracy. The Authority will continue to emphasize to management agents the importance of accuracy as it relates to tenant eligibility and tenant rent.

In addition, the Authority continues to offer training and retraining for site managers and strongly recommends that new managers attend immediately and for all managers to reattend biennially.

The Authority is in the process of reviewing the files in question as noted in the above findings and will make necessary adjustments upon completion of the reviews."

1992: Same response as 1993.
1991: Same response as 1993.
1990: Same response as 1993.

1989: "During all training sessions, on-site audits and telephone conversations with management personnel, the E&P Officers stress the importance of accurate and complete 50059 forms. These forms are now reviewed by computer which is supposed to eliminate human error. Should the computer reject a file due to erroneous information, the E&P Officer checks the form and contacts the on-site manager. For major errors, a new 50059 is requested. Should the error be of the type found during the audit, the on-site manager is told to correct the error on their 50059 form. The E&P Officer then corrects the IHDA 50059 and the file is reentered into the computer. The on-site manager, however, may not always follow through and correct the on-site 50059 form."