REPORT DIGEST

ILLINOIS STATE BOARD OF INVESTMENT

COMPLIANCE EXAMINATION
FOR THE TWO YEARS ENDED JUNE 30, 2023

Release Date:  July 9, 2024

FINDINGS THIS AUDIT: 4

CATEGORY:  NEW -- REPEAT – TOTAL
Category 1:  0 -- 0 -- 0
Category 2:  4 -- 0 -- 4
Category 3:  0 -- 0 -- 0
TOTAL:  4 -- 0 -- 4

FINDINGS LAST AUDIT: 0

State of Illinois, Office of the Auditor
General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, 400 West
Monroe, Suite 306, Springfield, IL
62704-9849
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also
available on the worldwide web at
www.auditor.illinois.gov

INTRODUCTION

This digest covers the State compliance
examination of the Illinois State Board of
Investment (ISBI) for the two years ended
June 30, 2023. A digest covering ISBI’s
financial audit as of and for the year ended
June 30, 2023, was previously released on
January 18, 2024. This report contains four
findings. The financial audit report
contained no findings.

SYNOPSIS

• (23-2) The Illinois State Board of
Investment had not implemented adequate
internal controls over documenting the
reviews of its service providers.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

LACK OF ADEQUATE CONTROLS OVER THE REVIEW OF
INTERNAL CONTROLS FOR SERVICE PROVIDERS

The Illinois State Board of Investment
(ISBI) had not implemented adequate internal
controls over documenting the reviews of its
service providers.

During our examination, we noted that ISBI
did not maintain documentation of its
independent internal control review of the
System and Organization Control (SOC)
reports for four of four (100%) service
providers. (Finding 2, page 9)

We recommended ISBI implement controls to
conduct formal reviews of the SOC reports of
its service providers and to ensure these
reviews are formally documented. Further, we
recommended the reviews document deviations
noted in the service providers’ SOC reports
to determine the impact to ISBI’s internal
control environment, and we recommended
these reviews should include the subservice
providers to determine their impact to
ISBI’s internal controls, and the
Complementary User Entity Controls (CUECs)
as they relate to ISBI’s internal controls.

ISBI agreed with our recommendations.

OTHER FINDINGS

The remaining findings pertain to failure to
implement controls related to cybersecurity
programs and practices, inadequate computer
security controls, and insufficient controls
over monthly reconciliations.  We will
review ISBI’s progress towards the
implementation of our recommendations in our
next State compliance examination.

AUDITOR’S OPINION

The financial audit report was previously
released. The auditors stated the financial
statements of ISBI as of and for the year
ended June 30, 2023, are fairly stated in
all material respects.

ACCOUNTANT’S OPINION

The accountants conducted a State compliance
examination of ISBI for the two years ended
June 30, 2023, as required by the Illinois
State Auditing Act. The accountants stated
ISBI complied, in all material respects,
with the requirements described in the
report.

This State compliance examination was
conducted by RSM US LLP.

JANE CLARK
Division Director


This report is transmitted in accordance
with Section 3-14 of the Illinois State
Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:dmg