Audit: Illinois State professors skipped required outside work
disclosures
[January 21, 2026]
By Catrina Barker | The Center Square contributor
(The Center Square) – An Illinois lawmaker is raising serious concerns
about cybersecurity and legal compliance at Illinois State University
following a state audit that found long-standing material weaknesses and
repeated violations of state law.
State Rep. Paul Jacobs, R-Pomona, who serves on the House Appropriations
for Higher Education Committee and the Cybersecurity Committee, said the
Illinois Auditor General’s findings for fiscal year 2024 point to
systemic problems that have gone unresolved for years.
“These things are going back for years,” Jacobs told TCS. “You had three
Category 1 weaknesses and 10 Category 2 significant deficiencies. That’s
more of a systemic problem.”
The audit found ISU failed to meet key legal and accounting
requirements, including deficiencies in cybersecurity controls, outside
employment disclosures and student data protections. Several of the
findings were repeat issues dating back more than a decade.
Jacobs said the findings raise questions about accountability,
particularly as ISU continues to receive increased taxpayer funding.
“Why would they be getting more money instead of fixing the problems
they already have,” Jacobs said. “If we’re giving you money, you need to
be taking care of it.”
Jacobs said the university’s cybersecurity shortcomings are among the
most troubling aspects of the audit, especially given the sensitive
information universities handle.
“The biggest thing is it puts the students’ records at risk, like Social
Security numbers, etc.” he said. “The institution is also at risk. And,
of course, that could be an awful lot of lawsuits.”
Jacobs said the audit’s findings reveal faculty members engaging in
outside work without proper disclosure, a requirement under Illinois law
designed to prevent conflicts of interest and protect taxpayer-funded
research.
[to top of second column]
|
“They have some of their professors working outside and they’re not
reporting to the university,” said Jacobs.
He warned that undisclosed outside work could have serious
consequences, particularly when faculty use research funded by
taxpayers in private ventures.
“If you’re a research scientist and you take that work to an outside
job, and that research was done with taxpayer money, there could be
patents involved,” Jacobs said. “There’s a lot of millions of
dollars in lawsuits. That’s why that law exists, to protect the
interests of the state and the university.”
The audit also found ISU is not compliant with the federal Credit
Card Marketing Act, which requires public universities to protect
student information from being shared with businesses for marketing
purposes.
“That’s a straightforward statutory requirement,” Jacobs said.
Jacobs said repeated audit findings indicate the university has
failed to correct known problems, and lawmakers may need to
intervene to ensure compliance.
He suggested assigning responsibility to specific administrators and
requiring regular progress reports.
Jacobs also acknowledged lawmakers themselves may share some
responsibility for failing to oversee public universities more
closely.
“Apparently, the universities are not being looked over as well as
they should be,” he said. “I think this spring, we will have to look
at these reports maybe a lot more closely.”
The Center Square contacted ISU for comment on the audit, but the
university had not responded by publication.
 |
