REPORT DIGEST

GOVERNOR’S OFFICE OF MANAGEMENT AND BUDGET

COMPLIANCE EXAMINATION
FOR THE TWO YEARS ENDED JUNE 30, 2025

Release Date:  February 24, 2026

FINDINGS THIS AUDIT: 4

CATEGORY:  NEW -- REPEAT – TOTAL
Category 1:  0 -- 0 -- 0
Category 2:  3 -- 1 -- 4
Category 3:  0 -- 0 -- 0
TOTAL:  3 -- 1 -- 4

FINDINGS LAST AUDIT: 2

State of Illinois, Office of the Auditor
General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, 400 West
Monroe, Suite 306, Springfield, IL
62704-9849
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also
available on the worldwide web at
www.auditor.illinois.gov

SYNOPSIS

• (25-01) The Governor’s Office of
Management and Budget (Office) did not
fully comply with the provisions of the
Cash Management Improvement Act (31 U.S.C.
§ 6501 and 31 U.S.C § 6503) (CMIA)
regarding required reports and threshold
computation.

• (25-04) The Office had weaknesses in
their internal controls related to change
management.

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

NONCOMPLIANCE WITH THE PROVISIONS OF THE
CASH MANAGEMENT IMPROVEMENT ACT

The Governor’s Office of Management and
Budget (Office) did not fully comply with
the provisions of the Cash Management
Improvement Act (31 U.S.C. § 6501 and 31
U.S.C § 6503) (CMIA) regarding required
reports and threshold computation.

The CMIA is a federal law that governs the
flow of federal funds between the federal
and state governments.

During our detailed testing of the Office’s
compliance with the CMIA requirements, we
noted the following exceptions in the
Fiscal Year 2023 CMIA Report (Report):

• The Office failed to consider two grants
specified in the Fiscal Year 2023 CMIA
Agreement between the State of Illinois and
United States Department of the Treasury
(Treasury-State Agreement) to be excluded
in the major program threshold
calculations. In addition, the Office used
an incorrect amount for another federal
grant in the threshold calculation. These
errors resulted in an overstatement of the
major program threshold by $1,107,402 for
Fiscal Year 2023.

• One federal grant with total expenditures
of $180,438,000 in the Fiscal Year 2021
Statewide Single Audit Report was not
included in the Fiscal Year 2023 CMIA
Report.

• One federal grant with total expenditures
of $61,315,000 per the Fiscal Year 2021
Statewide Single Audit Report did not
exceed the reporting threshold but was
included in the Fiscal Year 2023 CMIA
Report. (Finding 1, pages 9-10)

We recommended the Office ensure proper
review of the required CMIA reports and
related threshold calculations to ensure
compliance with the provisions of the
Federal Code of Regulations and CMIA.

The Office accepted the recommendation and
acknowledged the errors identified. The
Office noted they have strengthened their
internal controls over CMIA reporting
through the addition of staff to the CMIA
reporting team and an enhancement to their
review procedures prior to report
submission.

WEAKNESSES IN CHANGE MANAGEMENT CONTROLS

The Office had weaknesses in their internal
controls related to change management.

The Office utilizes various computer
systems and applications in its operations
to carry out its mission. As part of our
examination, we requested the Office
provide a population of all changes
developed and implemented during the
examination period; however, we noted the
Office did not have a central repository of
changes developed and implemented to
clearly document the completeness and
accuracy of the population.

Due to this condition, we were unable to
conclude the Office’s population was
sufficiently precise and detailed under the
Attestation Standards promulgated by the
American Institute of Certified Public
Accountants (AT-C § 205.36). Despite this
limitation, we performed testing over the
changes identified by the Office and noted
there was no supporting documentation to
substantiate the change was approved and
implemented correctly for one of three
(33%) changes tested.

During our review of the Office’s change
management policies and procedures, we
noted the policies and procedures were
minimal and lacked sufficient details
covering the basic controls over the change
management process, such as:

• Process for requesting changes,
• Approval process for requested changes,
• Testing requirements,
• Documentation requirements at each stage,
• User acceptance requirements,
• Post implementation review requirements,
and
• Monitoring of change requests from
initiation to close.

We also noted developers had access to the
production environment, resulting in a
segregation of duties weakness. (Finding 4,
pages 15-17)

We recommended the Office develop and issue
formal change management procedures to
control all changes made to computer
systems and applications. The procedures
should include at a minimum:

• Process for requesting a change,
• Approval process of the requested change,
• Testing requirements,
• Documentation requirements at each stage,
• User acceptance requirements,
• Post implementation review requirements,
and
• Monitoring of change requests from
initiation to close.

In addition, we recommended the Office
ensure proper segregation of duties over
changes or establish, adequately document,
and enforce compensating controls to ensure
appropriate management oversight and
approval of changes.

The Office acknowledged the observations
noted in the finding and accepted the
recommendation. The Office noted they are
working to formalize their change
management documentation, including
approval, testing, and review requirements.
They are also evaluating change management
segregation of duties and compensating
controls appropriate to the Office’s
operations.

OTHER FINDINGS

The remaining findings pertain to
inadequate controls over reporting and
noncompliance with the Grant Accountability
and Transparency Act. We will review the
Office’s progress towards the
implementation of our recommendations in
our next State compliance examination.

ACCOUNTANT’S OPINION

The accountants conducted a State
compliance examination of the Office for
the two years ended June 30, 2025, as
required by the Illinois State Auditing
Act.  The accountants stated the Office
complied, in all material respects, with
the requirements described in the report.

This State compliance examination was
conducted by Adelfia LLC.

COURTNEY DZIERWA
Division Director

This report is transmitted in accordance
with Section 3-14 of the Illinois State
Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:QK