State Retirement Systems' of Illinois Audit & Compliance Committee met Jan. 9.
Here is the minutes provided by the Committee:
Members Present:
David Morris, Vice Chairperson
Shaun Dawson, SERS Trustee
Loren Iglarsh, SERS Retiree
Others in attendance:
Tim Blair, Executive Secretary
Casey Evans, Chief Internal Auditor (CIA)
Absent:
Staceyann Cabey-Kaufmann, Internal Auditor
The Audit and Compliance Committee convened on Tuesday, January 9, 2018, at 9:00 a.m. in the System’s Springfield office with a video conference location at the Bilandic Building in Chicago. A quorum of the committee members was present. Seeing that there were no public comments, Mr. Iglarsh moved to approve the minutes from the October 31, 2017, Audit and Compliance Committee meeting with Vice Chairperson Morris seconding the motion.
CIA Evans began the meeting stating that several audit projects are being planned, while others are nearing completion. An IT Security Audit is in progress with some work being performed in November and December. At this point, access rights to systems, physical security, and portions of system security have been reviewed. Many good internal controls have been noted and some recommendations have already been provided when it was deemed that a certain matter needed immediate attention. The group discussed physical security concerns such as building access, background checks of vendors, and placement of security cameras and devices. It was explained that additional inquiries and information gathering will be needed for this audit, but it is anticipated that this work would conclude in late January or early February with a report to be issued and a detailed presentation provided during the next committee meeting in April.
CIA Evans explained that Ms. Cabey-Kaufmann was absent from today’s meeting but was nearing completion of an audit covering the process by which SERS converts physical member documents to digital images that are maintained and can be accessed by staff depending on their job duties and access rights. During this audit, procedures were developed to focus on quality control procedures and document retention. CIA Evans and Executive Secretary Blair gave a brief background on the previous use of member files prior to digitization and noted that this process drastically improved record retention, document retrieval, and security. While the audit has not been released, the auditors anticipate that no findings will be drafted as several strong quality controls were noted from the auditors’ review of business processes. From this project, the internal auditors have identified recommendations which they feel could save staff time and possibly improve the scanning operations of the retirement system. These recommendations will be provided in the full report which they hope to release on January 18, 2018.
The group moved on to discuss a current fraud risk recognized by public pension funds. CIA Evans explained that two state pension funds outside of Illinois have experienced a scheme by which a hacker has already obtained members’ dates of birth and full social security numbers. The hacker then uses this information to register a retiree for an online retirement account with the pension fund and once access is granted, the direct deposit information is changed online to divert funds to the hacker. It was explained that in early November, the internal auditors requested a data query of multiple benefit payments going to a single bank account. In reviewing the results, the internal auditors noted that nothing appeared unusual, however, one account was receiving five benefit payments per month. After review of these accounts, it was determined that the five benefit recipients were under the care of the Office of the State Guardian and the funds were being deposited into a commingled fund where the State Guardian manages the finances of those persons under their care. CIA Evans explained that currently benefit recipients cannot change their direct deposit information through the online member services site, however this could be a future functionality as the System works to increase the features available to members and retirees online.
CIA Evans noted that on January 2, 2018, letters were mailed to a sample of disability recipients which reside outside of the State of Illinois. During this disability certification period, these members would be asked to provide routine eligibility documents as well as copies of the 2015 and 2016 federal income tax returns for the purpose of evaluating whether the members could be gainfully employed. This process would help bridge the gap in an internal control weakness that is present in this small but higher risk group of disability recipients. The auditors have already developed testing templates and have performed background on the tax forms for potential indicators of gainful employment. An update of this project will be provided in April as information is received from the disability recipients and the auditors have the opportunity to evaluate these eligibility documents.
The internal auditors will also be working on some routine and new audits in the spring, including an audit of administrative expenditures and an audit of Member Education & Workshops. The administrative expenditures audit will cover purchasing and procurement for various good and services including the expenditure areas of equipment, commodities, printing, staff travel, and personnel. Essentially, this audit will cover most all expenditures and compliance requirements aside from benefit payments. The auditors have also scheduled dates to attend field services workshops to evaluate the content of the material being provided to members who attend.
The Committee began discussing the external financial audit and CIA Evans noted that the audit was coming to a close as he anticipates the audit being completed by late January. Based on conversations with the external audit manager, no audit findings are expected in the audit report and a clean opinion will likely be issued on the System’s financial statements. The external compliance examination will likely be released in mid to late March 2018 and it is expected that a few findings may be drafted as the issues relate to a board vacancy and IT change management issues. The System is working to correct both of these issues in hopes that they will not be repeated in FY2018. A more comprehensive report will be provided during the April meeting as these audits are expected to be released.
The Committee moved on to the discussion of any old business. CIA Evans explained that following the last meeting, the Executive Committee approved the termination of the survivor benefits found to be overpaid during a previously issued audit. Following the ratification of this decision by the Executive Committee, the Claims Division will seek recoupment from those survivors in which the mistake in benefit was found within three years of the benefit start date. Later in January, the Claims Division will also be issuing catch-up payments to those survivors in which were found to be underpaid due to the member having a Qualified Illinois Domestic Relations Order (QILDRO).
Seeing that there was no new business for discussion, Retiree Iglarsh moved to adjourn the meeting with Trustee Morris seconding the motion. The Audit and Compliance Committee adjourned at 9:50 a.m. ahead of the scheduled Board of Trustees meeting. The next scheduled meeting of the committee will be Tuesday, April 24, 2018, at 9:00 a.m.
https://www.srs.illinois.gov/PDFILES/Minutes/Audit_Compliance/18Jan_acc_min.pdf