Audit

Audit  Audit of Quinsigamond Community College

Our office conducted a performance audit of Quinsigamond Community College (QCC) for the period March 1, 2020, through June 30, 2023. When examining employee settlement agreements entered into by QCC, we extended the audit period to January 1, 2019 through December 30, 2023.

Organization: Office of the State Auditor
Date published: April 4, 2025

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Quinsigamond Community College (QCC) for the period March 1, 2020, through June 30, 2023. When examining employee settlement agreements entered into by QCC, we extended the audit period to January 1, 2019 through December 30, 2023.

The purpose of our audit was to determine the following:

  • whether QCC administered the student portion of funding under Section 18004(a)(1) of the Coronavirus Aid, Relief, and Economic Security (CARES) Act in accordance with Sections C, D, and E of the United States Department of Education’s (US DOE’s) Higher Education Emergency Relief Fund (HEERF) Frequently Asked Questions (FAQ) Rollup Document;
  • whether QCC administered the institutional portion of funding under Section 18004(a)(1) of the CARES Act in accordance with Section F of US DOE’s HEERF FAQ Rollup Document;
  • whether QCC administered the student portion of funding under Section 314(a)(1) of the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA) in accordance with US DOE’s HEERF II Public and Private Nonprofit Institution (a)(1) Programs ([Catalog of Federal Domestic Assistance (CFDA)] 84.425E and 84.425F) FAQ;
  • whether QCC administered the institutional portion of funding under Section 314(a)(1) of the CRRSAA in accordance with US DOE’s HEERF II Public and Private Nonprofit Institution (a)(1) Programs (CFDA 84.425E and 84.425F) FAQ;
  • whether QCC administered the student portion of funding under Section 2003(a)(1) of the American Rescue Plan Act (ARPA) in accordance with Section B of US DOE’s HEERF III FAQ;
  • whether QCC administered the institutional portion of funding under Section 2003(a)(1) of the ARPA in accordance with Section C of US DOE’s HEERF III FAQ;
  • whether QCC updated its internal control plan to address the COVID-19 pandemic in accordance with the Office of the Comptroller of the Commonwealth’s (CTR’s) “COVID-19 Pandemic Response Internal Controls Guidance,” dated September 30, 2020;
  • whether QCC ensured that its employees received cybersecurity awareness training in accordance with the requirements noted in Sections 6.2.3 and 6.2.4 of the Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010, effective October 15, 2018; and
  • whether QCC had internal policies and procedures in place for (a) the review and approval of employee settlement agreements, including the language used, and (b) the reporting of employee settlement agreements to CTR and whether QCC followed these policies and procedures and used non-disclosure, non-disparagement, or similarly restrictive clauses as part of employee settlement agreement language for settlements that it entered into from January 1, 2019 through December 30, 2023.

Below is a summary of our findings, the effects of those findings, and our recommendations, with links to each page listed.

  
Finding 1QCC did not ensure that all employees completed cybersecurity awareness training both when hired and annually thereafter.
EffectWithout educating all employees on their responsibility of protecting the security of information assets, QCC may be exposed to a higher risk of cybersecurity attacks and financial and/or reputational losses.
Recommendations
  1. QCC should ensure that all employees complete annual cybersecurity awareness training and that all newly hired employees complete the initial training within the first 30 days of orientation.
  2. QCC should design and implement a monitoring control to track the completion of cybersecurity awareness training.
Finding 2QCC lacked certain information system general controls over its campus-wide administrative database and financial system, as well as human resources hardcopy records.
EffectDeficiencies in information system general controls can lead to potential operational issues, which could negatively impact QCC’s reputation, information system security, and/or financial stability.
Recommendations
 
  1. QCC should revisit and enhance its information systems general controls surrounding the campus-wide administrative database and financial system, as well as human resources records.
  2. QCC should establish a policy to monitor the accuracy of data, the removal of terminated employees from the data systems, and record retention.
Finding 3
 
QCC did not have a documented, transparent, or accountable process related to employee settlement agreements, including those containing non-disclosure, non-disparagement, or similarly restrictive clauses.
EffectIf QCC does not have a documented, transparent, and accountable process to handle employee settlement agreements, especially those containing non-disclosure, non-disparagement, or similarly restrictive clauses, then it cannot ensure that employee settlement agreements are handled in an ethical, legal, or appropriate manner. Also, by not maintaining a comprehensive “watch list,” QCC may rehire a former employee with a provision in the settlement stating not to rehire.
Recommendations
  1. QCC should develop, document, and implement a policy related to employee settlement agreements, including those with no reemployment clauses.
  2. QCC should track and document all complaints that include non-disclosure, non-disparagement, or similarly restrictive clauses in employee settlement agreements.

In addition to the conclusions we reached regarding our audit objectives, we also identified issues not specifically addressed by our objectives. For more information, see Other Matters.

Contact

Phone

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback