REPORT DIGEST
STATE OF ILLINOIS
STATEWIDE SINGLE AUDIT REPORT
SINGLE AUDIT FOR THE YEAR ENDED JUNE 30, 2021
Release Date: June 28, 2022

FINDINGS THIS AUDIT: 40

CATEGORY: NEW -- REPEAT -- TOTAL
Category 1: 12 -- 10 -- 22
Category 2: 13 -- 5 -- 18
Category 3: 0 -- 0 -- 0
TOTAL: 25 -- 15 -- 40

FINDINGS LAST AUDIT: 29

Category 1: Findings that are material weaknesses in internal control and/or a qualification on compliance with State laws and regulations (material noncompliance).
Category 2: Findings that are significant deficiencies in internal control and noncompliance with State laws and regulations.
Category 3: Findings that have no internal control issues but are in noncompliance with State laws and regulations.

State of Illinois, Office of the Auditor General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact: Office of the Auditor General, Iles Park Plaza, 740 E. Ash Street, Springfield, IL 62703, (217) 782-6046 or TTY (888) 261-2887. This Report Digest and Full Report are also available on the worldwide web at www.auditor.illinois.gov

SYNOPSIS

• The State expended approximately $62.4 billion from federal awards in FY21.
• A total of 21 programs or program clusters were classified and audited as major programs at 12 State agencies. These programs constituted approximately 86.9% of all federal spending, or about $54.3 billion. In addition, 55 State agencies expended federal financial assistance in FY21. Twelve State agencies accounted for about 99.0% of federal dollars spent.

Significant Agency Findings Classified as Material Noncompliance Resulting in an Auditor Qualification

• The Department of Healthcare and Family Services:
  • Did not obtain the annual audited financial reports required for each Managed Care Organization (MCO) specific to each MCO’s Medicaid contract for the Children’s Health Insurance Program (CHIP) and Medicaid Cluster programs. Additionally, did not perform periodic audits of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO for the CHIP and Medicaid Cluster programs.
• The Department of Human Services:
  • Could not locate case file documentation supporting eligibility determinations and special test requirements for beneficiaries of the SNAP Cluster and/or the Temporary Assistance for Needy Families (TANF) program.
  • Was unable to provide adequate documentation to substantiate that the maintenance of effort (MOE) requirements were met for the Block Grants for Prevention and Treatment of Substance Abuse (SAPT) program for award year 2019 that closed during State fiscal year 2021.
  • Did not meet the 5% administrative earmarking requirements of the SAPT program for the federal fiscal year 2019.
  • Failed to provide supporting documentation for the post-expenditure report including a key line item, the number of eligible individuals who received services paid for in part or in whole with federal funds under the Social Services Block Grant (Title XX) program.
  • Did not follow its established program monitoring policies and procedures for subrecipients of the TANF, CCDF Cluster, Social Services Block Grant, and SAPT programs.
• The Illinois Criminal Justice Information Authority:
  • Created a fiscal risk assessment policy but did not execute the risk assessment of subrecipients of the Crime Victim Assistance (CVA) program as required by the Uniform Guidance during fiscal year 2021. Additionally, ICJIA did not perform programmatic and fiscal on-site visits in accordance with its established monitoring procedures, did not have adequate controls around the review of single audit reports, and did not include identifying information with disbursements made to subrecipients.
  • Does not have adequate controls in place to ensure amounts reported on the federal financial status report (SF-425) and the annual Victims of Crime Act (VOCA) progress report are complete and accurate.
• The Illinois Department of Employment Security:
  • Inaccurately calculated the weekly benefit amount (WBA) for certain claimants of the Pandemic Unemployment Assistance (PUA) program during the year ended June 30, 2021. In addition, IDES did not establish adequate internal controls over its third-party service organization that administered the Unemployment Framework for Automated Claim & Tax Services (uFACTS) system used to determine eligibility for the PUA program.
  • Did not implement Federal requirements to improve program integrity and reduce overpayments.
  • Did not complete the Benefit Accuracy Measurement (BAM) case file reviews in accordance with USDOL requirements for the Unemployment Insurance (UI) program.
• The Illinois Emergency Management Agency:
  • Is responsible for filing the statewide Coronavirus Relief Fund (CRF) reports by utilizing self-reported data from each agency, but there is no statewide process to validate completeness of each quarterly report.

In addition, the Illinois Department of Human Services, the Illinois Department of Public Health, the Illinois Criminal Justice Information Authority, the Illinois Department of Transportation, and the Illinois Emergency Management Agency failed to report information required by the Federal Funding Accountability and Transparency Act (FFATA) for awards granted to subrecipients of various programs.

INTRODUCTION

The Illinois Office of the Auditor General conducted a Statewide Single Audit of the FY21 federal grant programs. The audit was conducted in accordance with the Uniform Guidance (Title 2 U.S. Code of Federal Regulation Part 200, Uniform Administration Requirements, Cost Principles, and Audit Requirements for Federal Awards).
The Statewide Single Audit includes State agencies that are a part of the primary government and expend federal awards. In total, 55 State agencies expended federal financial assistance in FY21. A separate supplemental report has been compiled by the Governor’s Office of Management and Budget and provides summary information on federal spending by State agency.

The Statewide Single Audit does not include those agencies that are defined as component units such as the State universities and finance authorities. The component units continue to have separate single audits when required.

The Schedule of Expenditures of Federal Awards (SEFA) reflects total expenditures of approximately $62.4 billion for the year ended June 30, 2021. Overall, the State participated in 294 different federal programs; however, 10 of these programs or program clusters accounted for approximately 88.4% of the total federal award expenditures. (See Exhibit I)

The funding for the 294 programs was provided by 23 different federal agencies. Exhibit II shows that five federal agencies provided Illinois with the vast majority of federal funding in FY21.

A total of 21 federal programs or program clusters were identified as major programs in FY21. A major program was defined in accordance with the Uniform Guidance as any program with federal awards expended that meets certain criteria when applying the risk-based approach. Exhibit III provides a brief summary of the number of programs classified as “major” and “non-major” and related federal award expenditures.

Exhibit III
Classification of Federal Programs “Major vs. Non-Major” and Related Federal Award Expenditures for the year ended June 30, 2020

Audit Coverage -- No. -- Expenditures in Millions -- %
Major Programs or Clusters -- 21 -- $54,255.9 -- 86.9%
Non-Major Programs or Clusters -- 273 -- $8,161.4 -- 13.1%
Total -- 294 -- $62,417.3 -- 100%

Twelve State agencies accounted for approximately 99.0% of all federal dollars spent during FY21 as depicted in Exhibit IV.

AUDITORS’ REPORT ON COMPLIANCE WITH REQUIREMENTS THAT COULD HAVE A DIRECT AND MATERIAL EFFECT ON EACH MAJOR PROGRAM AND INTERNAL CONTROL OVER COMPLIANCE

The auditors’ report contained qualifications on compliance as summarized below. The complete text of the Auditors’ Report may be found on pages 16-19 of the audit.

Qualifications

The auditors qualified their report on major programs for the following noncompliance findings: (See chart in the pdf version of this digest.)

Internal Control Over Compliance

We noted certain matters involving internal control over compliance that were considered to be significant deficiencies. A control deficiency in an entity’s internal control over compliance exists when the design or operation of a control over compliance does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, noncompliance with a type of compliance requirement of a federal program on a timely basis. A significant deficiency in internal control over compliance is a deficiency, or combination of deficiencies, in internal control over compliance with a type of compliance requirement of a federal program that is less severe than a material weakness in internal control over compliance, yet important enough to merit attention by those charged with governance. Overall, 17 of the 40 findings reported in the single audit were classified as compliance significant deficiencies.

Material weaknesses were also disclosed in our report.
A material weakness in internal control over compliance is a deficiency, or combination of deficiencies, in internal control over compliance, such that there is a reasonable possibility that material noncompliance with a type of compliance requirement of a federal program will not be prevented, or detected and corrected, on a timely basis. Overall, 23 of the 40 findings reported in the single audit were classified as material weaknesses.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

Exhibit V summarizes the number of report findings by State agency, identifies the number of repeat findings, and references the findings to specific pages in the report. (See chart in the pdf version of this digest.)

Exhibit VI summarizes the total number of findings, number of repeated findings and the percentage of repeated findings for the past ten years. (See chart in the pdf version of this digest.)

DEPARTMENT OF HEALTHCARE AND FAMILY SERVICES (DHFS)

We noted DHFS, as the administering State agency, did not materially comply with specific requirements described on page 17 of the Single Audit Report. Specifically, we noted DHFS did not obtain the annual audited financial reports required for each Managed Care Organization (MCO) specific to each MCO’s Medicaid contract of the Children’s Health Insurance Program (CHIP) and Medicaid Cluster programs. Additionally, DHFS did not perform periodic audits of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO for the CHIP and Medicaid Cluster programs. As a result of not performing periodic audits, no audit results were available to be posted on DHFS’ website. (Finding No. 2021-009, pages 40-41)

The material noncompliance noted resulted in modified opinions on compliance for the CHIP and Medicaid Cluster programs. DHFS accepted our recommendations.

DEPARTMENT OF HUMAN SERVICES (IDHS)

We noted IDHS, as the administering State agency, did not materially comply with specific requirements described on page 17 of the Single Audit Report. Specifically, we noted the following:

• IDHS could not locate case file documentation supporting eligibility determinations and special test requirements for beneficiaries of the SNAP Cluster and/or the Temporary Assistance for Needy Families (TANF) program. Similar findings on this issue have been reported since 2001. (Finding No. 2021-011, pages 44-46)
• IDHS was unable to provide adequate documentation to substantiate that the maintenance of effort (MOE) requirements were met for the Block Grants for Prevention and Treatment of Substance Abuse (SAPT) program for award year 2019 that closed during State fiscal year 2021. Similar findings on this issue have been reported since 2014. (Finding No. 2021-012, pages 47-48)
• IDHS did not meet the 5% administrative earmarking requirements of the SAPT program for the federal fiscal year 2019. IDHS overreported administrative expenditures by $206,510. No more than 5% of the grant may be expended to pay administrative costs. (Finding No. 2021-013, pages 49-50)
• IDHS failed to provide supporting documentation for the post-expenditure report including a key line item, the number of eligible individuals who received services paid for in part or in whole with federal funds under the Social Services Block Grant (Title XX) program. As a result of the documentation deficiencies identified, testing a sample of individuals to verify the individual was eligible for the service received could not be performed. (Finding No. 2021-016, pages 56-57)
• IDHS did not follow its established program monitoring policies and procedures for subrecipients of the TANF, CCDF Cluster, Title XX, and SAPT programs. IDHS did not perform on-site monitoring reviews of subrecipients in accordance with IDHS’ planned monitoring schedule and/or could not provide support for the review. In addition, IDHS did not provide timely notification of the results of programmatic on-site reviews and did not complete quality reviews on a timely basis. Similar findings on this issue have been reported since 2011. (Finding No. 2021-017, pages 58-61)

The material noncompliance noted resulted in modified opinions on compliance for the TANF, SNAP Cluster, SAPT, Title XX, and CCDF Cluster programs. IDHS accepted our recommendations.

ILLINOIS CRIMINAL JUSTICE INFORMATION AUTHORITY (ICJIA)

We noted ICJIA, as the administering State agency, did not materially comply with specific requirements described on page 18 of the Single Audit Report. Specifically, we noted the following:

• ICJIA created a fiscal risk assessment policy but did not execute the risk assessment of subrecipients of the Crime Victim Assistance (CVA) program as required by the Uniform Guidance during fiscal year 2021. Additionally, ICJIA did not perform programmatic and fiscal on-site visits in accordance with its established monitoring procedures, did not have adequate controls around the review of single audit reports, and did not include identifying information with disbursements made to subrecipients. Similar findings on this issue have been reported since 2019. (Finding No. 2021-026, pages 80-82)
• ICJIA does not have adequate controls in place to ensure amounts reported on the federal financial status report (SF-425) and the annual Victims of Crime Act (VOCA) progress report are complete and accurate. We noted the total recipient share of expenditures of approximately $15.1 million reported on the final SF-425 submitted for the Federal fiscal year 2017 did not agree to supporting documentation. Specifically, we noted two matching contributions did not agree to the underlying expenditure reports submitted by subrecipients, and as a result of these errors, the total recipient share of expenditures was understated by approximately $17,000. Similar findings on this issue have been reported since 2019. (Finding No. 2021-027, pages 83-84)

The material noncompliance noted resulted in a modified opinion on compliance for the Crime Victim Assistance program. ICJIA accepted our recommendations.

ILLINOIS DEPARTMENT OF EMPLOYMENT SECURITY (IDES)

We noted IDES, as the administering State agency, did not materially comply with specific requirements described on page 18 of the Single Audit Report. Specifically, we noted the following:

• IDES inaccurately calculated the weekly benefit amount (WBA) for certain claimants of the Pandemic Unemployment Assistance (PUA) program during the year ended June 30, 2021. In addition, IDES did not establish adequate internal controls over its third-party service organization that administered the Unemployment Framework for Automated Claim & Tax Services (uFACTS) system used to determine eligibility for the PUA program. IDES used an outdated WBA pay chart table to calculate the weekly benefit amount for PUA claimants, resulting in underpayments to some PUA claimants. In addition, we identified 3 data entry errors in the PUA system which resulted in the incorrect WBA being calculated and paid to PUA claimants. (Finding No. 2021-030, pages 89-91)
• IDES did not implement Federal requirements to improve program integrity and reduce overpayments. The State is required to establish written procedures for: (1) identifying overpayments, (2) classifying overpayments into categories based on the reason the overpayment occurred, and (3) establishing appropriate methods for following up on each category of overpayment. In establishing these procedures, the State is required to enter into three agreements prior to commencing recoveries, including an agreement to permit the State to offset State unemployment insurance (UI) from Federal UI payments, an agreement to permit the State to recover overpayments from benefits being administered by another State, and an agreement to permit the State to utilize the Treasury Offset Program to recover overpayments that remain uncollected. During our testing, we noted that while IDES has developed the written procedures relative to overpayments and has entered into the required agreements, the written procedures did not address the requirement to impose a monetary penalty on fraud overpayments. Additionally, we noted the policies do not address the prohibition of providing employers relief resulting from an employer failing to provide timely or adequate information. Similar findings on this issue have been reported since 2015. (Finding No. 2021-033, pages 96-97)
• IDES did not complete the Benefit Accuracy Measurement (BAM) case file reviews in accordance with USDOL requirements for the Unemployment Insurance (UI) program. IDES’ BAM unit is required to draw samples of payments and denied claims and complete prompt and in-depth investigations to determine if the administration of the unemployment compensation program is consistent with State and federal law. During our testing, we noted IDES did not achieve the required percentage of case reviews within the required timeframes. (Finding No. 2021-034, pages 98-100)

The material noncompliance noted resulted in a modified opinion on compliance for the Unemployment Insurance program. IDES accepted our recommendations.
ILLINOIS EMERGENCY MANAGEMENT AGENCY (IEMA)

We noted IEMA, as the administering State agency, did not materially comply with specific requirements described on page 18 of the Single Audit Report. Specifically, we noted IEMA is responsible for filing the statewide Coronavirus Relief Fund (CRF) reports by utilizing self-reported data from each agency, but there is no statewide process to validate completeness of each quarterly report.

The State of Illinois delegated the statewide reporting for CRF to IEMA. IEMA’s process includes instructing each agency with CRF expenses to complete the Treasury reporting template. IEMA then consolidates the templates to create a consolidated report to file with the U.S. Treasury Department. There is no process to verify the agency templates include all the expenditures for the quarter, nor is there a year-end process to reconcile the four quarters to the Schedule of Expenditures of Federal Awards. (Finding No. 2021-038, pages 107-108)

The material noncompliance noted resulted in a modified opinion on compliance for the Coronavirus Relief Fund program. IEMA accepted our recommendation.

FAILURE TO REPORT SUBAWARD INFORMATION REQUIRED BY FFATA

IDHS, the Illinois Department of Public Health (IDPH), ICJIA, the Illinois Department of Transportation, and IEMA (collectively, the agencies) failed to report information required by the Federal Funding Accountability and Transparency Act (FFATA) for awards granted to subrecipients of multiple programs.

FFATA requires the State to report certain identifying information related to awards made to subrecipients in amounts greater than or equal to $30,000. Of the information required to be reported, the following key data elements are required to be audited:

1. Subawardee Name
2. Subawardee DUNS number
3. Amount of subaward
4. Subaward obligation or action date
5. Date of report submission
6. Subaward number
7. Subaward project description
8. Subawardee names and compensation of highly compensated officers

Failure to identify awards subject to FFATA and to report subawards in accordance with FFATA results in noncompliance with federal requirements. (Finding No. 2021-014, pages 51-52; Finding No. 2021-015, pages 53-55; Finding No. 2021-021, pages 68-69; Finding No. 2021-028, pages 85-86; Finding No. 2021-036, pages 103-104; Finding No. 2021-039, pages 109-110)

The material noncompliance described above resulted in modified opinions on the SAPT, TANF, SSBG, CCDF, Epidemiology and Laboratory Capacity for Infectious Diseases (ELC), Crime Victim Assistance, Airport Improvement Program, and Disaster Grants – Public Assistance (Presidentially Declared Disasters) programs. The agencies accepted our recommendations.

OTHER FINDINGS

The remaining findings pertain to other compliance and internal control matters. We will follow up on the status of corrective action on all findings in our next Statewide Single Audit for the year ended June 30, 2022.

AUDITORS’ OPINION

The auditors stated the Schedule of Expenditures of Federal Awards for the State of Illinois as of and for the year ended June 30, 2021, is presented fairly in all material respects.

This single audit was conducted by the firm of KPMG LLP.

Jane Clark
Division Director

This report is transmitted in accordance with Section 3-14 of the Illinois State Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:CMD