NOTE: Illinois State University’s FY2010 financial statements should be read in conjunction with the FY2011 financial statements. In the FY2010 financial statements, the June 30, 2010 net assets have been restated (decreased by $5,189,664) to correct errors in reporting accounts receivable. Because the June 30, 2010 net assets have been restated, the previously issued auditors’ report dated March 30, 2011 is not to be relied upon without consideration of the auditors’ report dated March 2, 2012 on the restatement of the June 30, 2010 net assets.
REPORT DIGEST
ILLINOIS STATE UNIVERSITY
FINANCIAL AUDIT AND COMPLIANCE EXAMINATION (In accordance with the Single Audit Act and OMB Circular A-133)
For the Year Ended: June 30, 2010
Summary of Findings:
Total this audit: 3
Total last audit: 2
Repeated from last audit: 2
Release Date: April 14, 2011
State of Illinois, Office of the Auditor General
WILLIAM G. HOLLAND, AUDITOR GENERAL
To obtain a copy of the Report contact:
Office of the Auditor General, Iles Park Plaza, 740 E. Ash Street, Springfield, IL 62703
(217) 782-6046 or TTY (888) 261-2887
This Report Digest and Full Report are also available on the worldwide web at www.auditor.illinois.gov
____________________________
SYNOPSIS
• The University does not perform a periodic reconciliation
of the detailed property and equipment listings to the general ledger.
• The University had not assured adequate University-wide procedures existed over the proper disposal of confidential information.
FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS
LACK OF REVIEWED AND APPROVED RECONCILIATION OF DETAILED
PROPERTY LISTINGS TO THE GENERAL LEDGER
The University does not perform periodic reconciliations of detailed property listings to the general ledger. Without a reconciliation, the University can not ensure that the activity being recorded in the general ledger agrees to the activity recorded in the property and equipment database. We noted the following:
• The University did not capitalize assets as of the date
acquired, but as of the date they were tagged.
We noted in the first quarter of 2010, approximately $837,000 of capital
assets were capitalized when tagged that had been previously expensed in
2009. As of June 30, 2010, there was
approximately $207,000 of capital assets that were improperly expensed due to
not being tagged until 2011.
• The University improperly capitalized approximately
$2,339,000 of equipment in 2009 that was below the capitalization
threshold. The University corrected this
misclassification in fiscal year 2010.
• The University recorded approximately $2,863,000 in both
the construction in progress and buildings accounts during fiscal year 2009 for
the same costs. The University corrected
this error in fiscal year 2010 by eliminating $2,863,000 from the construction
in progress account.
• The University improperly expensed approximately
$1,750,000 of building costs during fiscal year 2009. The University corrected this
misclassification in fiscal year 2010.
• As a result of the above misclassifications, the June 30,
2010 C-15 report is incorrect.
The net effect of these misclassifications resulted in the
expenses on the fiscal year 2009 financial statements being understated by
approximately $2,615,000. The expenses
in the fiscal year 2010 financial statements are overstated by approximately
$2,822,000. The June 30, 2010 financial
statements were not adjusted for these misclassifications as management deemed
them immaterial.
Proper internal control procedures require that accounts be
periodically reconciled at the detail level to ensure that the subledgers agree
to the general ledger balances. (Finding
1, pages 15-16)
We recommended that the University perform a reconciliation
of the detailed property and equipment listings to the general ledger that is
properly reviewed and approved on a quarterly basis.
University officials accepted our recommendation.
INADEQUATE PROCEDURES OVER DISPOSAL OF CONFIDENTIAL
INFORMATION
The University had not assured adequate University-wide procedures existed over the disposal of confidential information. We noted the University:
• Had not performed a risk assessment of its computing
environment to identify and protect confidential information from unauthorized
disclosure.
• Had not installed disk encryption software on its laptop
computers as well as mainframe backup tapes.
• Had not formally approved procedures regarding the
University’s responsibilities, as stated in the Personal Information Protection
Act, for the prompt investigation and notification in the event of a breach of
personal information.
While performing walkthroughs at the University, we found
personal information and personal health information in unsecured bins.
Failure to establish adequate procedures to protect and
timely dispose of confidential information and to enforce compliance with
established procedures can lead to such information being compromised. (Finding 3, pages 18-20)
We recommended the University assess its procedures for
safeguarding and subsequent disposal of all confidential information. The University should effectively communicate
the procedures to all University personnel and enforce compliance with its
procedures ensuring all confidential information is kept secured until no
longer needed, and then properly disposed.
We also recommend the University perform a comprehensive risk assessment
of its computer environment and encrypt personal or confidential data.
University officials accepted our recommendation.
OTHER FINDINGS
The remaining finding is reportedly being given attention by
the University. We will review the
University’s progress towards the implementation of our recommendations in our
next audit.
AUDITORS’ OPINION
Our auditors stated the financial statements of the
University as of June 30, 2010 and for the year then ended are fairly presented
in all material respects.
WILLIAM G. HOLLAND
Auditor General
WGH:CML:pp
SPECIAL ASSISTANT AUDITORS
Clifton Gunderson, LLP were our special assistant auditors
for this audit.