REPORT DIGEST

ILLINOIS RACING BOARD

COMPLIANCE EXAMINATION
FOR THE TWO YEARS ENDED JUNE 30, 2022

Release Date:  March 30, 2023

FINDINGS THIS AUDIT: 14

CATEGORY:  NEW -- REPEAT -- TOTAL
Category 1:  3 -- 1 -- 4
Category 2:  6 -- 3 -- 9
Category 3:  0 -- 1 -- 1
TOTAL:  9 -- 5 -- 14

FINDINGS LAST AUDIT: 9

Category 1: Findings that are material
weaknesses in internal control and/or
a qualification on compliance with
State laws and regulations (material
noncompliance).
Category 2: Findings that are
significant deficiencies in internal
control and noncompliance with State
laws and regulations.
Category 3: Findings that have no
internal control issues but are in
noncompliance with State laws and
regulations.

State of Illinois, Office of the
Auditor General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report
contact:
Office of the Auditor General, Iles
Park Plaza, 740 E. Ash Street,
Springfield, IL 62703
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are
also available on the worldwide web at
www.auditor.illinois.gov

SYNOPSIS

• (22-01) The Illinois Racing Board’s
(Board) internal controls over its
voucher processing function were not
operating effectively during the
examination period.
• (22-02) The Board failed to
implement controls over users’ access
to the Board’s applications and data.
• (22-03) The Board did not have
adequate controls over the data
migration to a new licensing system.

FINDINGS, CONCLUSIONS, AND
RECOMMENDATIONS

VOUCHER PROCESSING INTERNAL CONTROLS
NOT OPERATING EFFECTIVELY

The Illinois Racing Board’s (Board)
internal controls over its voucher
processing function were not operating
effectively during the examination
period.
Due to our ability to rely upon the
processing integrity of the Enterprise
Resource Planning System (ERP)
operated by the Department of
Innovation and Technology (DoIT), we
were able to limit our voucher testing
at the Board to determine whether
certain key attributes were properly
entered by the Board’s staff into the
ERP.

Our testing noted 18 of 140 (13%)
attributes were not properly entered
into the ERP system.  Therefore the
Board’s internal controls over voucher
processing were not operating
effectively.
Due to this condition, we qualified
our opinion because we determined the
Board had not complied, in all
material respects, with applicable
laws and regulations, including the
State uniform accounting system, in
its financial and fiscal operations.

Even given the limitations noted
above, we conducted an analysis of the
Board’s expenditures data for Fiscal
Years 2021 and 2022 to determine
compliance with the State Prompt
Payment Act and the Illinois
Administrative Code and noted the
following noncompliance:

• The Board did not timely approve 14
of 942 (1%) vouchers processed during
the examination, totaling $147,766.
The vouchers were approved between 1
and 286 days late.
• The Board owed one vendor interest
totaling $14 in Fiscal Year 2022;
however, the Board did not approve
this voucher for payment to the
vendor.  (Finding 1, pages 10-11)

We recommended the Board design and
maintain internal controls to provide
assurance its data entry of key
attributes into ERP is complete and
accurate. Further, we recommended the
Board approve proper bills within 30
days of receipt and approve vouchers
for payment of interest due to
vendors.

Board officials concurred with the
recommendation and stated it has
instituted internal control measures
to ensure compliance.

FAILED TO IMPLEMENT USER ACCESS
CONTROLS

The Board failed to implement controls
over users’ access to the Board’s
applications and data.
We requested the Board provide
populations of employees, separated
employees and users of the Pari-Mutuel
Information Tracking System (PITS).
Although the Board provided the
populations, documentation
demonstrating the completeness and
accuracy of the populations was not
provided.  Therefore, we were unable
to conclude the Board’s populations
were sufficiently precise and detailed
under the Professional Standards.

Even given the issues noted above, we
reviewed the population of PITS users
noting seven of 18 (39%) PITS users’
accounts were shared. We also
requested documentation to determine
if the PITS users’ access was
appropriate based on their job duties;
however, the Board did not provide
documentation for one of three (33%)
users. Thus we could not determine if
access was appropriate.

Further, the Board was a user of the
Department of Innovation and
Technology’s (DoIT) Enterprise
Resource Planning System (ERP),
Central Time and Attendance System
(CTAS), eTime, and Central Payroll
System (CPS). As part of our review of
user access, we requested the Board’s
review of access rights during the
examination period.  However, the
Board did not provide documentation of
such review.  Additionally, our review
noted 7 of 12 (58%) CTAS users no
longer required access, 3 of 15 (20%)
eTime users no longer required access
and 1 of 7 (14%) CPS user no longer
required access.

Lastly, the Board had not established
policies and procedures documenting
their internal controls over access
provisioning. (Findings 2, pages
12-13)

We recommended the Board strengthen
its controls to ensure documentation
is maintained to demonstrate the
completeness and accuracy of the
Board’s populations. In addition, we
recommended, the Board review the user
accounts to ensure the user’s access
is appropriate and shared accounts are
assigned to specific individuals for
accountability. Further we recommended
the Board establish policies and
procedures documenting the internal
controls over access provisioning and
ensure accounts of terminated users
are timely disabled.

Board officials agreed with the
recommendation and stated it has
initiated a plan of action.

INADEQUATE CONTROLS OVER DATA
MIGRATION TO A NEW LICENSING SYSTEM

The Board did not have adequate
controls over the data migration to a
new licensing system.

In April 2022, the Board migrated to a
new licensing system, the HRC-IL
System.  The HRC-IL System was
utilized for licensing, enforcement,
and as a rule tracking database.

As part of our testing, we requested
documentation demonstrating the legacy
system data were completely and
accurately migrated from the legacy
system to the HRC-IL system.  Our
review of the limited documentation
provided noted:

• 791,000 records were migrated from
the legacy system; however, the Board
did not provide adequate documentation
to demonstrate the completeness of the
data migration from the legacy system
to the HRC-IL System.
• The completeness of the data
migration could not be determined as
there was no record count of data
converted to the HRC-IL System.
• Historical license information for
individuals was not transferred to the
HRC-IL System.
• The Board did not provide adequate
documentation demonstrating a detailed
review of accuracy of migrated
records.
• Four of 28 (14%) licensee records
had the incorrect licensing year
information transferred to the HRC-IL
System.  (Finding 3, pages 14-15)

We recommended the Board implement
controls to ensure all data completely
and accurately migrated from the
legacy system to the HRC-IL System.
We further recommended the Board
review the HRC-IL System data to
ensure its accuracy and completeness.

Board officials agreed with the
recommendation and stated it has
initiated a plan of action.

OTHER FINDINGS

The remaining findings pertain to a
lack of change control policy and
inadequate segregation of duties,
noncompliance with racing laws and
regulations and annual reporting
requirements, inadequate controls over
employment application forms, personal
services, reporting, and State
vehicles, board membership, service
providers, cybersecurity programs and
practices and disaster recovery
weaknesses.  We will review the
Board’s progress towards the
implementation of our recommendations
in our next compliance examination.

ACCOUNTANT’S OPINION

The accountants conducted a compliance
examination of the Board for the two
years ended June 30, 2022, as required
by the Illinois State Auditing Act.
The accountants qualified their report
on State compliance for Findings
2022-001 through 2022-004.  Except for
the noncompliance described in these
findings, the accountants stated the
Board complied, in all material
respects, with the requirements
described in the report.

This compliance examination was
conducted by Adelfia LLC.

JANE CLARK
Division Director

This report is transmitted in
accordance with Section 3-14 of the
Illinois State Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:JC