
REPORT DIGEST

DEPARTMENT OF INNOVATION AND
TECHNOLOGY

COMPLIANCE EXAMINATION
FOR THE TWO YEARS ENDED JUNE 30, 2022

Release Date:  March 23, 2023

FINDINGS THIS AUDIT:  26

CATEGORY:  NEW -- REPEAT -- TOTAL
Category 1:  2 -- 10 -- 12
Category 2:  1 -- 13 -- 14
Category 3:  0 -- 0 -- 0
TOTAL:  3 -- 23 -- 26

FINDINGS LAST AUDIT: 28

Category 1: Findings that are material
weaknesses in internal control and/or
a qualification on compliance with
State laws and regulations (material
noncompliance).
Category 2: Findings that are
significant deficiencies in internal
control and noncompliance with State
laws and regulations.
Category 3: Findings that have no
internal control issues but are in
noncompliance with State laws and
regulations.

State of Illinois, Office of the
Auditor General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report
contact:
Office of the Auditor General, Iles
Park Plaza, 740 E. Ash Street,
Springfield, IL 62703
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are
also available on the worldwide web at
www.auditor.illinois.gov

INTRODUCTION

SYNOPSIS

• (22-01) The Department failed to
comply with the provisions of
Executive Order 2016-01: Executive
Order Consolidating Multiple
Information Technology Functions Into
A Single Department of Innovation and
Technology.

• (22-02) The Department failed to
maintain controls over its property
and related records.

• (22-03) The Department failed to
conduct risk assessments for all State
agencies as required by the Illinois
Information Security Improvement Act.

• (22-09) The Department had not
adopted formal Departmental rules for
the operation, administration, and
accounting of the Department.

• (22-11) The Department failed to
implement controls in place to
control, track, and monitor end-user
software use.

FINDINGS, CONCLUSIONS, AND
RECOMMENDATIONS

FAILURE TO COMPLY WITH EXECUTIVE ORDER
2016-01

The Department of Innovation and
Technology (Department) failed to
comply with provisions of Executive
Order 2016-01: Executive Order
Consolidating Multiple Information
Technology Functions Into A Single
Department of Innovation and
Technology.

During our testing, we noted 42
agencies had transferred their
Information Technology (IT) functions
to the Department. However, we noted
the Department had not entered into
Intergovernmental Agreements (IGA)
with six (14%) and seven (17%)
agencies for Fiscal Years 2021 and
2022, respectively.

Additionally, of the agencies
statutorily required to transfer their
IT functions to the Department, the
IGAs were not executed in a timely
manner during the examination period.
Specifically,
• 35 of 36 (97%) Fiscal Year 2021 IGAs
were not executed timely.
• 35 of 35 (100%) Fiscal Year 2022
IGAs were not executed timely.

The IGAs were executed 168 to 998 days
after the effective date of the
agreement. (Finding 1, pages 11 – 12)
This finding has been reported since
2018.

We recommended the Department work
with the agencies to ensure IGAs are
timely executed and IGAs are entered
into with all transferring agencies.

The Department accepted the finding
and recommendation and stated it had
not completed the transfer of all
personnel and property for agencies
identified in the statute and
continues to work with agencies to
complete the transfer of personnel and
property as required by the Executive
Order and Department of Innovation and
Technology Act (20 ILCS 1370).  The
Department further stated it had
provided IGAs for client agency
signature to all transferring agencies
and follows up with the agencies to
have agreements in place, Lastly, the
Department stated they were funded via
charging back agencies for costs and
the significant delay in both the
payment cycle and the deposit of cash
into the Department’s Technology
Management Revolving Fund has
prevented the full transfer of the
remaining personnel to Department
payroll.

FAILURE TO MAINTAIN CONTROLS OVER
PROPERTY

The Department failed to maintain
controls over its property and related
records.

Agency Report of State Property

During our testing of the Agency
Report of State Property (Form C-15)
filed with the Office of Comptroller,
we noted:
• The Department did not provide
evidence of review for 16 of 16 (100%)
quarterly C-15 Reports required to be
filed during Fiscal Years 2021 and
2022. As such, we were not able to
determine whether these reports were
reviewed prior to submission.
• The Department did not consistently
classify equipment subject to theft.
Equipment totaling $5,627,655 and
$4,829,016 was not classified as
subject to theft and not reported in
the C-15 and Annual Inventory
Certification reports in Fiscal Years
2021 and 2022, respectively.
Additionally, equipment totaling
$128,915 and $87,089 was not
classified as subject to theft in
Fiscal Years 2021 and 2022,
respectively, although these
properties were within the scope of
the Department’s high-theft property
definition under Section 2.1b of the
property control procedure.
• For the Fiscal Year 2021 C-15
Reports:
• Equipment, totaling $558,393,343 at
June 30, 2021, did not agree with the
Department’s property listing. The
discrepancy totaled $6,526.
• Property additions did not agree
with the detailed list of additions
provided by the Department. The
discrepancies totaled $1,586,204.
Additionally, properties added to the
ERP were overstated by $186,051 and
$219,040 for the Technology Management
Revolving Fund (Fund 0304) and
Government Funds (General Fund (Funds
0001) and Capital Development Fund
(Fund 0141)), respectively.
• Property deletions did not agree
with the detailed listing of deletions
provided by the Department. The
discrepancies totaled $2,033,000.
Additionally, properties removed from
the ERP were understated by $21,540.
• Net transfers did not agree with the
detailed list of net transfers
provided by the Department. The
discrepancies totaled $1,709,947.

• For the Fiscal Year 2022 C-15
Reports:
• Equipment, totaling $402,731,172 at
June 30, 2022, did not agree with the
Department’s property listing. The
discrepancy totaled $8,195.
• Property additions did not agree
with the detailed list of additions
provided by the Department. The
discrepancies totaled $4,112,081.
Additionally, properties added to the
ERP were overstated by $315,884 for
the Technology Management Revolving
Fund (Fund 304).
• Net transfers did not agree with the
detailed list of net transfers
provided by the Department. The
discrepancies totaled $4,112,571.
• Property deletions totaling
$146,840,965 were incorrectly reported
as adjustment to additions.

Annual Certification of Inventory

During our testing of the Annual
Inventory Certification Reconciliation
filed with DCMS, we noted:
• Properties totaling $211,651,503 and
$46,845,799 were not reported in the
Annual Inventory Certification
submitted to DCMS during Fiscal Years
2021 and 2022, respectively.
• 544 and 520 property items reported
to DCMS during Fiscal Years 2021 and
2022 did not have a reported cost.
• The Department reported an
astronomical increase in the number
and value of unlocated items during
Fiscal Year 2021 and Fiscal Year 2022.
The number of the unlocated items
increased by 1,057 or 254% and 2,481
or 168%, during Fiscal Year 2021 and
Fiscal Year 2022, respectively. The
value of the unlocated items increased
by $2,051,683 or 389% and $3,181,792
or 123%, during Fiscal Year 2021 and
Fiscal Year 2022, respectively.
• During Fiscal Year 2022, one
Department location code understated
the value of the missing properties in
the Annual Inventory Certification by
$302,171. During Fiscal Year 2021,
three Department location codes
overstated the value of the missing
properties in the Annual Inventory
Certification by $32,557.

Population Completeness

We requested the Department to provide
the population of its property in
order to determine if property had
been properly recorded. In response to
the request, the Department provided a
population; however, given the noted
exceptions above we were unable to
conclude the Department’s population
records were sufficiently precise and
detailed under the Professional
Standards promulgated by the American
Institute of Certified Public
Accountants (AT-C § 205.36).

Even given the population limitations
noted above, we performed testing on a
sample of the property population.

Detailed Testing

Property Additions
• Four of 60 (7%) property additions,
totaling $1,054,583, were recorded 344
to 753 days late.
• The Department did not record on its
property listing and did not report on
the Department’s annual inventory
report submitted to DCMS a voucher for
the purchase of equipment totaling
$1,929,406.
• Three of 60 (5%) property additions,
totaling $142,036,908, were not
properly recorded in the ERP,
resulting in an overstatement of
$26,339,417.

Property Deletions and Unlocated
Computers
• Eleven of 60 (18%) property
deletions, totaling $11,925, were
recorded 32 to 1,815 days late.
• Three of 60 (5%) property deletions,
totaling $75,417, were recorded with
improper transaction codes.
• Thirteen of 60 (22%) unlocated
computers, totaling $28,660, were
reported as missing items in the
Annual Inventory Certification,
although these items were still active
and in use.
• Six of 60 (10%) Certificates of
Media Sanitization (Certificates)
tested were not properly completed.
The Certificates had incorrect tag
numbers, serial numbers, and were not
dated.
• The Department did not provide
documentations to determine if:
• Six of 60 (10%) property deletions
totaling $10,417, were properly
processed, approved, supported, and
timely recorded;
• Nine of 60 (15%) computers disposed
of, totaling $10,488, had confidential
data and were properly wiped; and
• Forty-five of 60 (75%) unlocated
computers, totaling $76,165, had
confidential information stored and
were properly wiped.

Physical observation of equipment
During testing, we noted:
• Twenty eight of 60 (47%) items,
totaling $92,742, were not found at
the location indicated on the
Department’s property listing.
• Thirteen of 60 (22%) items, totaling
$55,924, were assigned an incorrect
location code.
• Sixty of 60 (100%) surplus items had
not been recycled, issued, or reported
as transferable property to DCMS.
• Ten of 61 (16%) items were not
recorded in the property records as
well as in the Annual Inventory
Certification submitted to DCMS.
(Finding 2, pages 13 – 19) This
finding was first reported in 2018.

We recommended the Department
implement controls to ensure all
property is accounted for in
accordance with the Illinois
Administrative Code and the Statewide
Accounting Management System Manual.
In addition, we recommended the
Department ensure the reporting to
DCMS and the Office of Comptroller is
accurate and reconciled to the
Department’s records.

The Department accepted the finding
and recommendation and stated both the
accounting and property control
departments are working independently
and together to streamline processes.
The Department also stated it was
planning to utilize additional
technology to help with property
control discrepancies.

FAILURE TO CONDUCT RISK ASSESSMENTS
FOR ALL STATE AGENCIES

The Department failed to conduct risk
assessments for all State agencies as
required by the Illinois Information
Security Improvement Act (Act).

Our testing of the Department’s risk
assessment documentation noted:
• Five of eight (63%) risk assessments
identified as completed in fact had
not been completed during Fiscal Year
2021.
• The Department did not provide
documentation demonstrating the
population of risk assessments
conducted during Fiscal Year 2022 was
complete and accurate. Therefore, we
were unable to conduct detailed
testing. (Finding 3, page 20)

We recommended the Department work
with the agencies to ensure risk
assessments are conducted for all
State agencies to comply with the Act
and maintain documentation
demonstrating the population of risk
assessments is complete.

The Department accepted the finding
and recommendation and stated it was
working to add more resources to the
Information Security Division to
address capacity constraints.

FAILURE TO ADOPT FORMAL DEPARTMENTAL
RULES

The Department had not adopted formal
Departmental rules for the operation,
administration, and accounting of the
Department.

During our examination, we noted the
Department had not drafted or adopted
formal rules related to accounting and
personnel. (Finding 9, page 31) This
finding was first reported in 2018.

We recommended the Department adopt
formal rules for the operation,
administration, and accounting of the
Department.

The Department accepted the finding
and recommendation and stated it had
adopted formal administrative rules
regarding the Department organization
in FY20 (2 Ill. Admin. Code 1530) and
is in the process of establishing
additional policies and procedures.

FAILURE TO CONTROL AND MONITOR
SOFTWARE LICENSING

The Department failed to implement
controls in place to control, track,
and monitor end-user software use.

The Department had not developed
procedures for controlling,
monitoring, and tracking the use of
software licenses. In addition, the
Department could not provide an
inventory of software licenses
purchased and the number of software
licenses that were actually deployed.
As a result, we were unable to
determine if the Department was in
compliance with contractual licensing
agreements. (Finding 11, pages 34 –
35) This finding was first reported in
2018.

We recommended the Department develop
and implement procedures and a
tracking mechanism to control,
monitor, and track software licenses
and its utilization. Furthermore, we
recommended the Department at least
annually reconcile their software
license inventory to vendor software
inventory to ensure software is
deployed in accordance with the terms
of procurement.

The Department accepted the finding
and recommendation and stated it was
making progress on the corrective
action plan with a software asset
management tool now in place and
formal procedures and processes are
being developed.

OTHER FINDINGS

The remaining findings related to
Information Technology security,
voucher processing, FCIAA, training,
overtime requests, service providers,
monthly reconciliations, collection
efforts, vehicles, contracts, and
agreements.  We will review the
Department’s progress towards the
implementation of our
recommendations in our next compliance
examination.

ACCOUNTANT’S OPINION

The accountants conducted a compliance
examination of the
Department for the two years ended
June 30, 2022, as required
by the Illinois State Auditing Act.
The accountants qualified
their report on State compliance for
Findings 2022-001 through 2022-012.
Except for the noncompliance described
in these findings, the accountants
stated the Department complied, in all
material respects, with the
requirements described in the report.

This compliance examination was
conducted by Roth &
Company.

JANE CLARK
Division Director

This report is transmitted in
accordance with Section 3-14 of the
Illinois State Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:mkl