Organization: | Office of the State Auditor |
---|---|
Date published: | May 11, 2021 |
Executive Summary
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor (OSA) has conducted a performance audit of Massachusetts Bay Community College (MBCC) for the period July 1, 2018 through December 31, 2019. When testing MBCC’s information technology (IT) inventory, we extended the audit period through August 28, 2020, capturing data in MBCC’s inventory database as of the time of our fieldwork. Some testing of MBCC’s IT inventory required physically observing the then-current status of equipment at MBCC locations. Our last physical observation of IT equipment was on January 19, 2021.
In this performance audit, we examined MBCC activities related to the administration of IT equipment and procurement cards. We also followed up on an issue regarding MBCC’s compliance with the reporting requirements of Chapter 647 of the Acts of 1989, identified in our previous audit (No. 2016-0196-3E), to determine what measures MBCC’s management had taken to address the lack of reporting of missing or stolen equipment to OSA.
Below is a summary of our findings and recommendations, with links to each page listed.
MBCC did not maintain accurate required information on its IT inventory list, and some items were untagged or never added to the list. |
|
MBCC could not substantiate that it conducted annual inventories of its IT equipment. |
|
|
|
MBCC has not implemented policies, procedures, and monitoring controls to ensure compliance with Chapter 647 of the Acts of 1989 as recommended in our prior audit. |
|
|
A PDF copy of the audit of Massachusetts Bay Community College is available here.
Post-Audit Action
In response to this audit report, MBCC provided the following comments about its post-audit actions.
The College appreciates the thoughtful review and feedback from the audit team, and the opportunity to respond to their findings. We have started the process of reviewing our policies, procedures, and systems to ensure proper monitoring and compliance. . . .
In response to the recommendation that the College provide mandatory information security training, we are pleased to report that this has successfully been impact bargained with the unions and we have begun to implement a system to provide cybersecurity training for all employees and to document program completion.
Table of Contents
Downloads
Contact
Phone
Online
Fax
Address
Room 230
Boston, MA 02133