Audit

Audit  Audit of Fitchburg State University

Our office conducted a performance audit of Fitchburg State University (FSU) for the period March 1, 2020 through December 31, 2021.

Organization: Office of the State Auditor
Date published: September 15, 2023

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Fitchburg State University (FSU) for the period March 1, 2020 through December 31, 2021.

In this performance audit, we reviewed FSU’s financial activity from federal funding provided by the Coronavirus Aid, Relief, and Economic Security (CARES) Act, enacted by Congress on March 27, 2020; the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA), enacted on December 27, 2020; and the American Rescue Plan (ARP) Act, enacted on March 11, 2021. FSU received grant funding under two components of the CARES Act’s Education Stabilization Fund: direct funding from the United States Department of Education (US DOE), provided through the Higher Education Emergency Relief Fund,1 and funding from the Massachusetts Department of Higher Education, allocated through the Governor’s Emergency Education Relief Fund. The purpose of our audit was to determine whether FSU administered the CARES Act, CRRSAA, and ARP Act funding it received in accordance with the criteria established by the Massachusetts Department of Higher Education and US DOE, as well as with its own student grant distribution method.

We also determined whether FSU complied with the Office of the Comptroller of the Commonwealth’s guidance by updating its internal control plan to address risks related to the COVID-19 pandemic. In addition, we determined whether FSU personnel responsible for the management of COVID-19 funds within the Administration and Finance Department, the Student Accounts Department, the Financial Aid Department, and the Registrar’s Office completed cybersecurity awareness training in accordance with Sections 6.2.3 and 6.2.4 of the state Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010.

Below is a summary of our finding and recommendations, with links to each page listed.

  
Finding 1
 
FSU was unable to provide complete documentation that its employees responsible for the management of COVID-19 funds completed cybersecurity awareness training.
Recommendations
 
  1. FSU should retain attendance sheets to provide evidence that its employees completed cybersecurity awareness training.
  2. FSU should implement monitoring controls to ensure that it retains attendance sheets for its cybersecurity awareness training.

1.    The Higher Education Emergency Relief Fund (HEERF) consists of three separate grants related to the COVID-19 pandemic that were directly funded from US DOE under the CARES Act (HEERF I), CRRSAA (HEERF II), and ARP Act (HEERF III).

Downloads

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback