Skip to main content
Audit

Audit  Audit of Mount Wachusett Community College

Our office conducted a performance audit of Mount Wachusett Community College (MWCC) for the period March 1, 2020 through June 30, 2023.

Organization: Office of the State Auditor
Date published: December 27, 2024

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Mount Wachusett Community College (MWCC) for the period March 1, 2020 through June 30, 2023. When examining employee settlement agreements entered into by MWCC, we extended the audit period to January 1, 2019 through December 31, 2023.

The purpose of our audit was to determine the following:

  • whether MWCC administered the student portion of funding under Section 18004(a)(1) of the Coronavirus Aid, Relief, and Economic Security (CARES) Act in accordance with Sections C, D, and E of the United States Department of Education’s (US DOE’s) Higher Education Emergency Relief Fund (HEERF) Frequently Asked Questions (FAQ) Rollup Document;
  • whether MWCC administered the institutional portion of funding under Section 18004(a)(1) of the CARES Act in accordance with Section F of US DOE’s HEERF FAQ Rollup Document;
  • whether MWCC administered the student portion of funding under Section 314(a)(1) of the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA) in accordance with US DOE’s HEERF ll Public and Private Nonprofit Institution (a)(1) Programs ([Catalog of Federal Domestic Assistance, or CFDA] 84.425E and 84.425F) FAQ;
  • whether MWCC administered the institutional portion of funding under Section 314(a)(1) of the CRRSAA in accordance with US DOE’s HEERF II Public and Private Nonprofit Institution (a)(1) Programs (CFDA 84.425E and 84.425F) FAQ;
  • whether MWCC administered the student portion of funding under Section 2003(a)(1) of the American Rescue Plan Act (ARPA) in accordance with Section B of US DOE’s HEERF lll FAQ;
  • whether MWCC administered the institutional portion of funding under Section 2003(a)(1) of the ARPA in accordance with Section C of US DOE’s HEERF lll FAQ;
  • whether MWCC updated its internal control plan to address the COVID-19 pandemic in accordance with the Office of the Comptroller of the Commonwealth’s (CTR’s) “COVID-19 Pandemic Response Internal Controls Guidance,” dated September 30, 2020;
  • whether MWCC ensured that its employees received cybersecurity awareness training in accordance with the requirements noted in Sections 6.2.3 and 6.2.4 of the Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010; and
  • whether MWCC had internal policies and procedures in place for (a) the review and approval of employee settlement agreements, including the language used, and (b) the reporting of employee settlement agreements to CTR. For employee settlement agreements entered into from January 1, 2019 through December 31, 2023, did MWCC follow these policies and did it use non-disclosure, non-disparagement, or similarly restrictive clauses as part of employee settlement agreement language?

Below is a summary of our findings, the effects of those findings, and our recommendations, with links to each page listed.

  
Finding 1
 		MWCC did not update its internal control plan with a COVID-19 pandemic response plan.
EffectAn internal control plan identifies objectives and risks and identifies control activities to mitigate risks that may prevent an agency from accomplishing its public mission. Without updating its internal control plan, MWCC may not identify and/or mitigate all risks that may prevent it from accomplishing its objectives.
Recommendation
 		MWCC should establish policies and procedures to ensure that its internal control plan is updated annually and when significant changes occur.
Finding 2
 		MWCC did not have a transparent or accountable process related to employee settlement agreements, including those containing non-disclosure, non-disparagement, or similarly restrictive clauses.
EffectIf MWCC does not have a transparent and accountable process to handle employee settlement agreements, especially those containing non-disclosure, non-disparagement, or similarly restrictive clauses, it cannot ensure that employee settlement agreements are handled in an ethical, legal, or appropriate manner.
Recommendations
 
  1. MWCC should develop, document, and implement a policy related to employee settlement agreements.
  2. To help increase transparency and accountability, MWCC should track and document all employee settlements entered into by MWCC.
  3. To help increase transparency and accountability, MWCC should track and document all complaints that include non-disclosure, non-disparagement, or similarly restrictive clauses in employee settlement agreements.
Finding 3
 		MWCC could not provide evidence that all users were assigned or completed cybersecurity awareness training.
EffectWithout educating all employees on their responsibility of protecting the security of information assets, MWCC may be exposed to a higher risk of cybersecurity attacks and financial and/or reputation losses.
Recommendations
 
  1. MWCC should take steps to establish a connection between MWCC’s internal system and the systems used by the third-party training providers to ensure that all employees are assigned to take initial cybersecurity awareness training upon being hired and refresher training on an annual basis.
  2. MWCC should ensure that all employees complete initial and refresher cybersecurity awareness training.
  3. MWCC should ensure that it retains certificates on file for its employees to document their completion of cybersecurity awareness training.

In addition, we identified an issue regarding MWCC’s information system general controls over its finance and administration system. For more information on this issue, see the "Other Matters" section of this report.

Table of Contents

Downloads

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback