Organization: | Office of the State Auditor |
---|---|
Date published: | April 4, 2025 |
Executive Summary
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Quinsigamond Community College (QCC) for the period March 1, 2020, through June 30, 2023. When examining employee settlement agreements entered into by QCC, we extended the audit period to January 1, 2019 through December 30, 2023.
The purpose of our audit was to determine the following:
- whether QCC administered the student portion of funding under Section 18004(a)(1) of the Coronavirus Aid, Relief, and Economic Security (CARES) Act in accordance with Sections C, D, and E of the United States Department of Education’s (US DOE’s) Higher Education Emergency Relief Fund (HEERF) Frequently Asked Questions (FAQ) Rollup Document;
- whether QCC administered the institutional portion of funding under Section 18004(a)(1) of the CARES Act in accordance with Section F of US DOE’s HEERF FAQ Rollup Document;
- whether QCC administered the student portion of funding under Section 314(a)(1) of the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA) in accordance with US DOE’s HEERF II Public and Private Nonprofit Institution (a)(1) Programs ([Catalog of Federal Domestic Assistance (CFDA)] 84.425E and 84.425F) FAQ;
- whether QCC administered the institutional portion of funding under Section 314(a)(1) of the CRRSAA in accordance with US DOE’s HEERF II Public and Private Nonprofit Institution (a)(1) Programs (CFDA 84.425E and 84.425F) FAQ;
- whether QCC administered the student portion of funding under Section 2003(a)(1) of the American Rescue Plan Act (ARPA) in accordance with Section B of US DOE’s HEERF III FAQ;
- whether QCC administered the institutional portion of funding under Section 2003(a)(1) of the ARPA in accordance with Section C of US DOE’s HEERF III FAQ;
- whether QCC updated its internal control plan to address the COVID-19 pandemic in accordance with the Office of the Comptroller of the Commonwealth’s (CTR’s) “COVID-19 Pandemic Response Internal Controls Guidance,” dated September 30, 2020;
- whether QCC ensured that its employees received cybersecurity awareness training in accordance with the requirements noted in Sections 6.2.3 and 6.2.4 of the Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010, effective October 15, 2018; and
- whether QCC had internal policies and procedures in place for (a) the review and approval of employee settlement agreements, including the language used, and (b) the reporting of employee settlement agreements to CTR and whether QCC followed these policies and procedures and used non-disclosure, non-disparagement, or similarly restrictive clauses as part of employee settlement agreement language for settlements that it entered into from January 1, 2019 through December 30, 2023.
Below is a summary of our findings, the effects of those findings, and our recommendations, with links to each page listed.
Finding 1 | QCC did not ensure that all employees completed cybersecurity awareness training both when hired and annually thereafter. |
Effect | Without educating all employees on their responsibility of protecting the security of information assets, QCC may be exposed to a higher risk of cybersecurity attacks and financial and/or reputational losses. |
Recommendations |
|
Finding 2 | QCC lacked certain information system general controls over its campus-wide administrative database and financial system, as well as human resources hardcopy records. |
Effect | Deficiencies in information system general controls can lead to potential operational issues, which could negatively impact QCC’s reputation, information system security, and/or financial stability. |
Recommendations |
|
Finding 3 | QCC did not have a documented, transparent, or accountable process related to employee settlement agreements, including those containing non-disclosure, non-disparagement, or similarly restrictive clauses. |
Effect | If QCC does not have a documented, transparent, and accountable process to handle employee settlement agreements, especially those containing non-disclosure, non-disparagement, or similarly restrictive clauses, then it cannot ensure that employee settlement agreements are handled in an ethical, legal, or appropriate manner. Also, by not maintaining a comprehensive “watch list,” QCC may rehire a former employee with a provision in the settlement stating not to rehire. |
Recommendations |
|
In addition to the conclusions we reached regarding our audit objectives, we also identified issues not specifically addressed by our objectives. For more information, see Other Matters.
Table of Contents
Downloads
-
Open PDF file, 495.95 KB, Audit Report - Quinsigamond Community College (English, PDF 495.95 KB)
Contact
Phone
Online
Fax
Address
Room 230
Boston, MA 02133