REPORT DIGEST

STATE UNIVERSITIES RETIREMENT SYSTEM

FINANCIAL AUDIT
FOR THE YEAR ENDED JUNE 30, 2023

Release Date:  February 29, 2024

FINDINGS THIS AUDIT: 1

CATEGORY:  NEW -- REPEAT -- TOTAL
Category 1:  1 -- 0 -- 1
Category 2:  0 -- 0 -- 0
Category 3:  0 -- 0 -- 0
TOTAL:  1 – 0 -- 1

FINDINGS LAST AUDIT:  0

Category 1: Findings that are material
weaknesses in internal control and/or a
qualification on compliance with State laws
and regulations (material noncompliance).
Category 2: Findings that are significant
deficiencies in internal control and
noncompliance with State laws and
regulations.
Category 3: Findings that have no internal
control issues but are in noncompliance with
State laws and regulations.

State of Illinois, Office of the Auditor
General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, Iles Park
Plaza, 740 E. Ash Street, Springfield, IL
62703
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also
available on the worldwide web at
www.auditor.illinois.gov

INTRODUCTION

INTRODUCTION

This digest covers the financial statement
audit of the State Universities Retirement
System (System) as of and for the year ended
June 30, 2023.

The System’s total pension liability was
$52.638 billion at June 30, 2023.  The net
pension liability at June 30, 2023, was
$29.445 billion, which is the difference
between the System’s fiduciary net position
of $23.193 billion and the total pension
liability.  The System’s funded ratio was
44%.  The criteria used for computing
pension liability information in the
financial report in accordance with GASB
Statement No. 67 differs from the criteria
used to compute the actuarial accrued
liability and actuarial unfunded liability
under the State’s funding plan; therefore,
this information under the State’s funding
plan is no longer reported in the financial
statements. There were no findings reported
under Government Auditing Standards in our
audit.

FINDING SYNOPSIS

• (23-1) The State Universities Retirement
System had not implemented adequate controls
over its service providers.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

INADEQUATE CONTROLS OVER SERVICE PROVIDERS

The State Universities Retirement System
(System) had not implemented adequate
internal controls over its service
providers.

We requested the System provide a population
of their service providers utilized in order
to determine if the System had reviewed the
internal controls of its service providers.
Although the System provided a population of
service providers, they did not provide
documentation demonstrating the population
was complete and accurate.

Due to these conditions, we were unable to
conclude the System’s population records
were sufficiently precise and detailed under
the Professional Standards promulgated by
the American Institute of Certified Public
Accountants (AU-C § 330, AU-C § 530, AT-C §
205). Even given the population limitations,
we tested a sample of five service
providers, noting the System had not:

• Implemented a process for the review of
their service providers’ internal controls.

• Ensured service provider agreements
included documented roles and
responsibilities and requirements to ensure
the security, integrity, availability,
confidentiality, and privacy controls over
the System’s applications and data.

• Conducted an analysis of deviations noted
in the service providers’ System and
Organization Control (SOC) Report to
determine the impact to their internal
control environment.

• Conducted an analysis to determine if the
subservice providers’ service impacted the
System’s internal control environment.

• Conducted a review of the Complementary
User Entity Controls and the System’s
related controls.

Due to these conditions, we were unable to
determine if the internal controls of the
service providers were adequate, and we were
required to perform alternative procedures.
No exceptions were noted during the
performance of the alternative procedures.
(Finding 1, pages 53-54).

We recommended the System strengthen its
controls in identifying and documenting all
service providers which are utilized and
document the process into a formalized
policy. Further we recommended the System:
• Implement a process for the review of the
service providers’ internal controls.
• Document roles and responsibilities and
requirements to ensure the security,
integrity, availability, confidentiality,
and privacy controls over the System’s
applications and data within the service
providers’ agreements.
• Conduct an analysis of deviations noted in
the service providers’ System and
Organization Control (SOC) Report and
determine the impact to their internal
control environment.
• Conduct an analysis to determine if the
subservice providers’ service impact the
System’s internal control environment.
• Conduct a review of the Complementary User
Entity Controls and the System’s related
controls.

System officials accepted the finding and
stated they have already begun to address
the items noted in the finding.

AUDITOR’S OPINION(S)

The auditors stated the financial statements
of the System as of and for the year ended
June 30, 2023 are fairly stated in all
material respects.

This financial audit was conducted by RSM US
LLP.

JANE CLARK
Division Director

This report is transmitted in accordance
with Section 3-14 of the Illinois State
Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:TLK