REPORT DIGEST

 

ILLINOIS STATE UNIVERSITY

 

FINANCIAL AUDIT AND COMPLIANCE EXAMINATION

(In accordance with the Federal Single Audit Act and OMB Circular A-133)

For the Year Ended: June 30, 2009

 

Summary of Findings:

Total this audit: 2

Total last audit  : 2

Repeated from last audit: 1

 

Release Date:  March 11, 2010

 

State of Illinois Office of the Auditor General

WILLIAM G. HOLLAND, AUDITOR GENERAL

 

To obtain a copy of the Report contact:

Office of the Auditor General, Iles Park Plaza, 740 E. Ash Street, Springfield, IL 62703

(217)    782-6046 or TTY (888) 261-2887

 

This Report Digest and Full Report are also available on the worldwide web at http://www.state.il.us/auditor

 

 

SYNOPSIS

 

• The University had not assured adequate University-wide procedures existed for disposal of confidential information.  In addition, security controls over computer equipment maintained within the University Warehouse were inadequate. 

 

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

 

INADEQUATE PROCEDURES FOR DISPOSAL OF CONFIDENTIAL INFORMATION

 

The University had not assured adequate University-wide procedures existed for disposal of confidential information.  We noted the University:

• Had not performed a risk assessment of its computing environment to identify and protect confidential information from unauthorized disclosure.

• Had not installed disk encryption software on its laptop computers

• Had not formally approved procedures regarding the University’s responsibility for the prompt investigation and notification in the event of a breach of personal information.

 

While performing walkthroughs at the University, we found personal information and personal health information in unsecured bins.  In addition, weaknesses in the procedures for wiping confidential information from computers and electronic media were found. 

 

Failure to establish adequate procedures to protect and timely dispose of confidential information and to enforce compliance with established procedures can lead to such information being compromised. (Finding No. 09-2, pages 15-18)

 

We recommended the University assess its procedures for safeguarding and subsequent disposal of all confidential information.  University-wide procedures for properly disposing confidential information should be established.  Once established, the University should effectively communicate the procedures to all University personnel, and enforce compliance with its procedures ensuring all confidential information is kept secured until no longer needed, and then properly disposed.

 

University officials concurred with the recommendation.

 

 

AUDITORS' OPINION

 

We conducted a compliance examination of the University for the year ended June 30, 2009, as required by the Illinois State Auditing Act, the Single Audit Act and OMB Circular A-133. 

 

Our auditors stated the University’s June 30, 2009 financial statements are fairly presented in all material respects.

 

WILLIAM G. HOLLAND, Auditor General

 

WGH: CML

 

SPECIAL ASSISTANT AUDITORS

 

Our special assistant auditors were Clifton Gunderson, LLP.