Illinois’ new auditor general began his first official day on the job Friday, a little more than a week after a bit of irony.
A report issued on April 21 by the outgoing auditor general found that the state agency the new state auditor had previously led, the Illinois Finance Authority, lacked a required full-time internal audit program.
The report from retiring Auditor General Frank Mautino about the IFA led by Chris Meister was based on a two-year review period ending June 30, 2025. But the report also said the absence of such an “appropriate full-time” internal audit program within the finance authority was known for several years prior to the review period and that the IFA “has been unsuccessful in implementing a corrective action plan.”
The findings come as Meister, who served as the IFA’s executive director from 2009 until last month, now succeeds Mautino, leading a constitutional office responsible for reviewing state agencies’ use and management of funds, including public dollars.
The auditor general’s office declined to make Meister available for an interview, citing the need to maintain independence, as he cannot discuss management decisions of his previous employer. The office also cited state law to say Meister cannot “conduct or supervise a post audit of any agency for which he was responsible or by which he was employed or with which he contracted during the preceding 4 years.”
The office also referred to the report for further information about the audit.
According to the report, auditors recommended the IFA appoint a chief internal auditor independent of other state agencies and establish a full-time internal audit program at the IFA.
The IFA accepted the recommendation and said it plans to include funding for the position in its next fiscal year budget, which begins July 1, the report said. In his resume for the auditor general position, Meister said he oversaw an operations budget of about $5 million at the IFA.
The report also detailed the agency’s previous attempts to meet the requirement. In 2017, the IFA entered into an agreement with the Illinois Department of Central Management Services to provide internal auditing services.
But by 2019, an independent accountant noted, CMS’ internal auditor was serving nine state agencies, each legally required to have its own chief internal auditor “to maintain a full-time program of internal audit.”
That same year, the Illinois attorney general’s office issued an opinion stating the law “contemplates that each chief internal auditor will serve only one designated State agency and will do so on a full-time basis,” meaning the IFA could not rely on CMS for its internal auditing functions.
As executive director, Meister was responsible for appointing a chief internal auditor.
“Failure to establish a full-time internal audit program in accordance with the requirements of the (law) — where the chief internal auditor develops a deep understanding of the Authority’s functions and processes, oversees, and performs audits of the Authority’s major systems of internal accounting and administrative controls on a periodic basis, and oversees and reviews major new and modifications to information systems prior to implementation — weakens the Authority’s ability to assess its overall internal control environment and represents noncompliance with State law,” the report said.
In its response, the IFA said it “did not have the financial capacity to comply with this mandate during this audit period.”
Reached for comment, the IFA’s current interim executive director, Ximena Granda, referred to the agency’s written response in the report, which cited challenges “to recruit a chief internal auditor that meets the minimum qualifications and possesses the necessary state experience to ensure the (IFA) establishes and maintains integrity in its internal control environment.”
The audit from Mautino also identified weaknesses in the IFA’s cybersecurity programs and control of confidential information.
“The lack of adequate cybersecurity programs and practices could result in unidentified risk and vulnerabilities, which could ultimately lead to the (IFA’s) confidential and personal information being susceptible to cyber-attacks and unauthorized disclosure,” the report said.
The report listed several recommendations, including developing policies and a risk management framework. The IFA agreed to those recommendations.
During his time at the IFA, a self-funded agency that doesn’t rely on taxpayer funding, Meister oversaw financial products that include tax-exempt conduit bonds for nonprofits, industrial, commercial and agricultural sectors, and helped provide resources for economic development and climate energy-related projects.
Under Meister’s leadership, the agency attracted more than $45 billion in private capital to issue bonds for various projects throughout the state, according to the IFA.
