Section 1500.100  Purpose

 

As the official body in the State of Illinois designated to conduct annual and periodic audits of the procedures, policies, and practices of the state central repositories for criminal history record information, the Illinois Criminal Justice Information Authority (hereinafter called the Authority) shall be responsible for monitoring and evaluating the performance of the repositories with respect to the accuracy and completeness of criminal history record information and for the detection and correction of audit exceptions.  The Authority shall conduct the annual and periodic audits for the purposes of ensuring:

 

a)         continuing public review and discussion of the procedures, practices, and policies of the repositories' maintenance of criminal history record information;

 

b)         adherence to federal and state laws governing criminal history record information (See e.g., 28 CFR 20 et seq., as amended December 6, 1977; Ill. Rev. Stat. 1982 Supp., ch. 38 pars. 210-1 et seq., as amended; Public Act 83-1013, certified December 27, 1983);

 

c)         retention of documentation tracing the creation, copying, and dissemination of criminal history record information;

 

d)         compliance by the repositories with their internal procedures, policies, and practices; and

 

e)         availability of information regarding the accuracy, completeness and integrity of the criminal history record information maintained throughout the State.

 

Section 1500.200  Audit Conduct

 

a)         The Authority shall audit the state central repositories at least once each year.  The Executive Director shall designate those members of the Authority staff authorized to conduct the audits of the state central repositories on behalf of the Authority (based upon costs and available resources).  The Executive Director shall also authorize other state employees or private or government consultants to conduct audits when such assistance is required to improve the efficiency of the audit.

 

b)         All persons authorized by the Executive Director to conduct audits on behalf of the Authority shall be subject to personnel clearances as required by federal regulations (28 CFR 20, as amended December 6, 1977) and shall have an obligation to be familiar with the substance and intent of all federal and state laws regarding the privacy and security of criminal history record information.

 

c)         The audits shall be conducted on the premises of the state central repositories when necessary for the Authority to review original record documents or to improve the quality of the audit.  In addition, the Authority shall direct the repositories to provide whatever information is required to complete the audit.

 

d)         The Authority shall audit a representative sample of records maintained by the state central repositories for compliance with established procedures.  At a minimum, the Authority shall audit:

 

1)         accuracy and completeness of records;

 

2)         dissemination procedures for consistency with state and federal laws;

 

3)         correction procedures for records found to contain errors;

 

4)         delinquent disposition monitoring, internal audit, security, access and review procedures.

 

e)         The audit procedures stated herein shall apply to both manual and automated criminal history record information.

 

Section 1500.300  Responsibilities of the State Central Repositories

 

a)         As required by law, the state central repositories shall audit, correct and update criminal history record information maintained by them. This responsibility shall be fulfilled by conducting systematic audits for accuracy and completeness by automatically logging data entries, primary and secondary disseminations and by automatically monitoring for delinquent dispositions.

 

b)         The state central repositories shall audit local criminal justice agencies reporting to them or obtaining criminal history record information from them.  This responsibility shall be fulfilled by conducting random audits for compliance with state and federal requirements regarding criminal history record information, including, but not limited to, auditing for disposition reporting, dissemination, security, access and review of such information.

 

c)         In conducting the audits of local criminal justice agencies described above, the state central repositories shall document each individual record, practice, policy or procedure audited by recording whether or not any audit exception was found, if so, stating what the exception was, the nature of the response needed to correct the exception, and the date the correction was actually made.  This documentation shall be retained by the state central repositories for one year after the Authority issues an audit report.

 

d)         The state central repositories shall notify the local criminal justice agency, in writing, of all errors and exceptions found and establish a reasonable time period in which the local criminal justice agency can respond and correct the errors or exceptions, but not more than thirty days.  At the expiration of the time period established, the state central repositories shall monitor the local agency to determine whether the errors or exceptions have, in fact, been corrected.

 

Section 1500.400  Sampling Procedures

 

a)         The state central repositories shall audit a statistically significant random sample of the records they maintain for accuracy and completeness by comparing them with the source documents.  Such audits shall be conducted at least once a year, documented as described in Section 1500.300(c) above, and retained for at least one year for audit by the Authority.

 

b)         The state central repositories shall audit a representative sample of local criminal justice agencies chosen on a random basis for compliance with state and federal laws.  Such audits shall be conducted on a continuous basis, documented as described in Section 1500.300(c) above, and retained for at least one year for audit by the Authority.  A "representative sample" as used in this subsection means a statistically significant number of criminal justice agencies varying by type, geographic location and size (expressed by population served) so as to fairly depict a cross-section of the criminal justice agencies found in the state.

 

Section 1500.500  Audit Findings and Reports

 

a)         The Authority shall issue a report of its audit findings to the Governor, the General Assembly, the state central repositories, and the public.

 

b)         The report shall include a precise statement of the scope of the audit, a statement of the findings resulting from the audit, a statement of the prospective significance of the findings, recommendations to the state central repositories with respect to their procedures, practices, and policies, and a statement of explanation or rebuttal which may have been submitted by the audited agency.

 

c)         In conducting subsequent audits the Authority shall specifically monitor the state central repositories for correction of audit exceptions noted in the previous audit and include its findings in the audit report.