State Universities Retirement System 2001 Compliance Audit

REPORT DIGEST

STATE UNIVERSITIES RETIREMENT SYSTEM

COMPLIANCE AUDIT

For the Year Ended:

June 30, 2001

Summary of Findings:

Total this audit 2
Total last audit 3
Repeated from last audit 0

Release Date:
February 28, 2002

State of Illinois

Office of the Auditor General

WILLIAM G. HOLLAND

AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General
Attn: Records Manager
Iles Park Plaza
740 E. Ash Street
Springfield, IL 62703

(217)782-6046 or TDD (217) 524-4646

This Report Digest is also available on
the worldwide web at
http://www.state.il.us/auditor

SYNOPSIS

Controls over computer resources should be enhanced to safeguard critical functions from unauthorized access.

{Financial Information and Activity Measures are summarized on the reverse page.}

STATE UNIVERSITIES RETIREMENT SYSTEM
INFORMATION FROM FINANCIAL AND COMPLIANCE AUDITS
Two Years Ended June 30, 2001

FINANCIAL OPERATIONS	FY 2001	FY 2000
Additions Contributions Participants Employer Total Contributions Investment Income Net appreciation (depreciation) in fair market value Interest Dividends Other Less: Investment expense Net Investment Income Total Additions Deductions Total benefits Other expenses Total Deductions Net Increase (Decrease)	$241,800,200 266,576,335 $508,376,535 $(1,314,005,959) 199,324,781 62,707,138 4,181,533 16,877,602 $(1,064,670,109) $(556,293,574) $664,840,920 60,987,147 $725,828,067 $(1,282,121,641)	$238,013,504 255,838,989 $493,852,493 $1,292,509,593 163,357,098 59,163,434 3,570,087 17,262,775 $1,501,337,437 $1,995,189,930 $590,219,130 60,637,895 $650,857,025 $1,344,332,905
INVESTMENT PORTFOLIO ANALYSIS (Fair Market Value)	JUNE 30, 2001	JUNE 30, 2000
Total equities Total fixed income securities Cash and short-term investments Real estate investments Mutual funds and variable annuities Accrued investment income Total Portfolio at Fair Market Value	$7,023,868,873 3,871,691,452 443,566,849 1,873,089 91,642,555 31,639,814 $11,464,282,632	$8,621,122,481 3,511,229,392 491,175,634 6,905,654 67,244,728 30,991,993 $12,728,669,882
ADMINISTRATIVE EXPENSES	FY 2001	FY 2000
Personal services and benefits Other professional fees and services Depreciation Postage Printing and copying services Building operations expenses Self-managed plan Other expenses Total Administrative Expenses	$5,719,110 1,544,787 1,758,329 559,505 312,705 229,015 519,308 542,394 $11,185,153	$5,493,374 2,094,569 1,361,308 448,429 319,368 207,280 437,692 539,861 $10,901,881
SELECTED ACCOUNT BALANCES	JUNE 30, 2001	JUNE 30, 2000
Investments at Market Value Securities lending collateral Cash & short term investments Pending investment sales Accrued investment income receivable Other assets Total assets Securities lending collateral Payable to brokers for unsettled trades Other payables Total liabilities Net assets held in trust for pension benefits	$10,989,075,969 936,284,921 443,566,849 73,682,043 31,639,814 21,682,694 $12,495,932,290 936,284,921 670,770,445 33,636,542 $1,640,691,908 $10,855,240,382	$12,206,502,255 705,947,077 491,175,634 619,180,121 30,991,993 25,642,586 $14,079,439,666 705,947,077 1,200,600,257 35,530,309 $1,942,077,643 $12,137,362,023
SUPPLEMENTARY INFORMATION	FY 2001	FY 2000
Total investment administrative expenses Investment return (unaudited) Average number of employees Number of active members Number of inactive members Number of retirement benefit recipients Number of survivors benefit recipients Number of disabilities benefit recipients	$15,704,710 (8.8%) 104 77,781 51,634 25,749 5,700 808	$16,237,453 14.0% 106 77,770 46,829 23,829 5,500 833
EXECUTIVE DIRECTOR
During Audit Period and Currently: Mr. James M. Hacking

Critical systems must be safeguarded from unauthorized access

INTRODUCTION

This digest covers our compliance audit of the State Universities Retirement System (SURS) for the year ended June 30, 2001. A financial audit covering the year ending June 30, 2001 is being issued separately.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

COMPUTER SECURITY

SURS had not established adequate controls over some of its computer resources that are critical to the performance of its mission. Users rely on computer systems such as the Pay Benefits System and the Internet to perform mission-critical functions, and in the future SURS plans to increase the use of the Internet to perform both employer and membership functions.

Without the implementation of adequate controls and procedures, there is an increased danger that unauthorized individuals may gain access to computer resources. Also, it could lead to the loss or corruption of critical data. (Finding 2, pages 10-11)

We recommended SURS establish comprehensive policies and procedures that outline security standards. In particular, we recommended that SURS direct all network traffic through the firewall; conduct a thorough firewall ruleset review; continue the implementation of encryption software to ensure secure transmission of payroll data over the Internet; and enhance the Pay Benefits System user passwords and review of access capabilities.

SURS officials accepted all of the recommendations and stated they will implement them as soon as possible.

OTHER FINDINGS

The remaining finding is less significant, and SURS’ response indicates it is addressing the condition. We will review progress toward implementing the recommendations in our next audit.

Mr. Steve Hayward, Internal Auditor at SURS provided responses to our recommendations.

____________________________________

WILLIAM G. HOLLAND, Auditor General

WGH:KMA:pp

SPECIAL ASSISTANT AUDITORS

Arthur Andersen LLP were our special assistant auditors for this audit.